Sourcefire VRT Rules Update
Date: 2007-12-18
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.7.
The format of the file is:
sid - Message (rule group)
New rules:
12984 <-> NETBIOS SMB v4 srvsvc NetSetFileSecurity integer overflow attempt (netbios.rules)
12985 <-> NETBIOS-DG SMB v4 srvsvc NetSetFileSecurity unicode integer overflow attempt (netbios.rules)
12986 <-> NETBIOS SMB v4 srvsvc NetSetFileSecurity unicode integer overflow attempt (netbios.rules)
12987 <-> NETBIOS SMB-DS v4 srvsvc NetSetFileSecurity WriteAndX integer overflow attempt (netbios.rules)
12988 <-> NETBIOS SMB-DS v4 srvsvc NetSetFileSecurity unicode integer overflow attempt (netbios.rules)
12989 <-> NETBIOS SMB v4 srvsvc NetSetFileSecurity WriteAndX integer overflow attempt (netbios.rules)
12990 <-> NETBIOS SMB-DS v4 srvsvc NetSetFileSecurity WriteAndX unicode integer overflow attempt (netbios.rules)
12991 <-> NETBIOS-DG SMB v4 srvsvc NetSetFileSecurity integer overflow attempt (netbios.rules)
12992 <-> NETBIOS-DG SMB v4 srvsvc NetSetFileSecurity WriteAndX integer overflow attempt (netbios.rules)
12993 <-> NETBIOS SMB v4 srvsvc NetSetFileSecurity WriteAndX unicode integer overflow attempt (netbios.rules)
12994 <-> NETBIOS SMB-DS v4 srvsvc NetSetFileSecurity integer overflow attempt (netbios.rules)
12995 <-> NETBIOS-DG SMB v4 srvsvc NetSetFileSecurity WriteAndX unicode integer overflow attempt (netbios.rules)
12996 <-> NETBIOS SMB v4 srvsvc NetSetFileSecurity little endian integer overflow attempt (netbios.rules)
12997 <-> NETBIOS SMB v4 srvsvc NetSetFileSecurity WriteAndX little endian integer overflow attempt (netbios.rules)
12998 <-> NETBIOS SMB v4 srvsvc NetSetFileSecurity unicode little endian integer overflow attempt (netbios.rules)
12999 <-> NETBIOS SMB v4 srvsvc NetSetFileSecurity WriteAndX unicode little endian integer overflow attempt (netbios.rules)
13000 <-> NETBIOS SMB-DS v4 srvsvc NetSetFileSecurity little endian integer overflow attempt (netbios.rules)
13001 <-> NETBIOS SMB-DS v4 srvsvc NetSetFileSecurity WriteAndX little endian integer overflow attempt (netbios.rules)
13002 <-> NETBIOS SMB-DS v4 srvsvc NetSetFileSecurity unicode little endian integer overflow attempt (netbios.rules)
13003 <-> NETBIOS SMB-DS v4 srvsvc NetSetFileSecurity WriteAndX unicode little endian integer overflow attempt (netbios.rules)
13004 <-> NETBIOS-DG SMB v4 srvsvc NetSetFileSecurity little endian integer overflow attempt (netbios.rules)
13005 <-> NETBIOS-DG SMB v4 srvsvc NetSetFileSecurity WriteAndX little endian integer overflow attempt (netbios.rules)
13006 <-> NETBIOS-DG SMB v4 srvsvc NetSetFileSecurity unicode little endian integer overflow attempt (netbios.rules)
13007 <-> NETBIOS-DG SMB v4 srvsvc NetSetFileSecurity WriteAndX unicode little endian integer overflow attempt (netbios.rules)
13008 <-> NETBIOS SMB srvsvc NetSetFileSecurity integer overflow attempt (netbios.rules)
13009 <-> NETBIOS SMB srvsvc NetSetFileSecurity WriteAndX integer overflow attempt (netbios.rules)
13010 <-> NETBIOS SMB srvsvc NetSetFileSecurity unicode integer overflow attempt (netbios.rules)
13011 <-> NETBIOS SMB srvsvc NetSetFileSecurity WriteAndX unicode integer overflow attempt (netbios.rules)
13012 <-> NETBIOS SMB-DS srvsvc NetSetFileSecurity integer overflow attempt (netbios.rules)
13013 <-> NETBIOS SMB-DS srvsvc NetSetFileSecurity WriteAndX integer overflow attempt (netbios.rules)
13014 <-> NETBIOS SMB-DS srvsvc NetSetFileSecurity unicode integer overflow attempt (netbios.rules)
13015 <-> NETBIOS SMB-DS srvsvc NetSetFileSecurity WriteAndX unicode integer overflow attempt (netbios.rules)
13016 <-> NETBIOS-DG SMB srvsvc NetSetFileSecurity integer overflow attempt (netbios.rules)
13017 <-> NETBIOS-DG SMB srvsvc NetSetFileSecurity WriteAndX integer overflow attempt (netbios.rules)
13018 <-> NETBIOS-DG SMB srvsvc NetSetFileSecurity unicode integer overflow attempt (netbios.rules)
13019 <-> NETBIOS-DG SMB srvsvc NetSetFileSecurity WriteAndX unicode integer overflow attempt (netbios.rules)
13020 <-> NETBIOS SMB srvsvc NetSetFileSecurity little endian integer overflow attempt (netbios.rules)
13021 <-> NETBIOS SMB srvsvc NetSetFileSecurity WriteAndX little endian integer overflow attempt (netbios.rules)
13022 <-> NETBIOS SMB srvsvc NetSetFileSecurity unicode little endian integer overflow attempt (netbios.rules)
13023 <-> NETBIOS SMB srvsvc NetSetFileSecurity WriteAndX unicode little endian integer overflow attempt (netbios.rules)
13024 <-> NETBIOS SMB-DS srvsvc NetSetFileSecurity little endian integer overflow attempt (netbios.rules)
13025 <-> NETBIOS SMB-DS srvsvc NetSetFileSecurity WriteAndX little endian integer overflow attempt (netbios.rules)
13026 <-> NETBIOS SMB-DS srvsvc NetSetFileSecurity unicode little endian integer overflow attempt (netbios.rules)
13027 <-> NETBIOS SMB-DS srvsvc NetSetFileSecurity WriteAndX unicode little endian integer overflow attempt (netbios.rules)
13028 <-> NETBIOS-DG SMB srvsvc NetSetFileSecurity little endian integer overflow attempt (netbios.rules)
13029 <-> NETBIOS-DG SMB srvsvc NetSetFileSecurity WriteAndX little endian integer overflow attempt (netbios.rules)
13030 <-> NETBIOS-DG SMB srvsvc NetSetFileSecurity unicode little endian integer overflow attempt (netbios.rules)
13031 <-> NETBIOS-DG SMB srvsvc NetSetFileSecurity WriteAndX unicode little endian integer overflow attempt (netbios.rules)
13032 <-> NETBIOS SMB srvsvc NetSetFileSecurity object call integer overflow attempt (netbios.rules)
13033 <-> NETBIOS SMB srvsvc NetSetFileSecurity WriteAndX object call integer overflow attempt (netbios.rules)
13034 <-> NETBIOS SMB srvsvc NetSetFileSecurity unicode object call integer overflow attempt (netbios.rules)
13035 <-> NETBIOS SMB srvsvc NetSetFileSecurity WriteAndX unicode object call integer overflow attempt (netbios.rules)
13036 <-> NETBIOS SMB-DS srvsvc NetSetFileSecurity object call integer overflow attempt (netbios.rules)
13037 <-> NETBIOS SMB-DS srvsvc NetSetFileSecurity WriteAndX object call integer overflow attempt (netbios.rules)
13038 <-> NETBIOS SMB-DS srvsvc NetSetFileSecurity unicode object call integer overflow attempt (netbios.rules)
13039 <-> NETBIOS SMB-DS srvsvc NetSetFileSecurity WriteAndX unicode object call integer overflow attempt (netbios.rules)
13040 <-> NETBIOS-DG SMB srvsvc NetSetFileSecurity object call integer overflow attempt (netbios.rules)
13041 <-> NETBIOS-DG SMB srvsvc NetSetFileSecurity WriteAndX object call integer overflow attempt (netbios.rules)
13042 <-> NETBIOS-DG SMB srvsvc NetSetFileSecurity unicode object call integer overflow attempt (netbios.rules)
13043 <-> NETBIOS-DG SMB srvsvc NetSetFileSecurity WriteAndX unicode object call integer overflow attempt (netbios.rules)
13044 <-> NETBIOS SMB srvsvc NetSetFileSecurity little endian object call integer overflow attempt (netbios.rules)
13045 <-> NETBIOS SMB srvsvc NetSetFileSecurity WriteAndX little endian object call integer overflow attempt (netbios.rules)
13046 <-> NETBIOS SMB srvsvc NetSetFileSecurity unicode little endian object call integer overflow attempt (netbios.rules)
13047 <-> NETBIOS SMB srvsvc NetSetFileSecurity WriteAndX unicode little endian object call integer overflow attempt (netbios.rules)
13048 <-> NETBIOS SMB-DS srvsvc NetSetFileSecurity little endian object call integer overflow attempt (netbios.rules)
13049 <-> NETBIOS SMB-DS srvsvc NetSetFileSecurity WriteAndX little endian object call integer overflow attempt (netbios.rules)
13050 <-> NETBIOS SMB-DS srvsvc NetSetFileSecurity unicode little endian object call integer overflow attempt (netbios.rules)
13051 <-> NETBIOS SMB-DS srvsvc NetSetFileSecurity WriteAndX unicode little endian object call integer overflow attempt (netbios.rules)
13052 <-> NETBIOS-DG SMB srvsvc NetSetFileSecurity little endian object call integer overflow attempt (netbios.rules)
13053 <-> NETBIOS-DG SMB srvsvc NetSetFileSecurity WriteAndX little endian object call integer overflow attempt (netbios.rules)
13054 <-> NETBIOS-DG SMB srvsvc NetSetFileSecurity unicode little endian object call integer overflow attempt (netbios.rules)
13055 <-> NETBIOS-DG SMB srvsvc NetSetFileSecurity WriteAndX unicode little endian object call integer overflow attempt (netbios.rules)
13056 <-> NETBIOS SMB v4 srvsvc NetSetFileSecurity andx integer overflow attempt (netbios.rules)
13057 <-> NETBIOS-DG SMB v4 srvsvc NetSetFileSecurity unicode andx integer overflow attempt (netbios.rules)
13058 <-> NETBIOS SMB v4 srvsvc NetSetFileSecurity unicode andx integer overflow attempt (netbios.rules)
13059 <-> NETBIOS SMB-DS v4 srvsvc NetSetFileSecurity WriteAndX andx integer overflow attempt (netbios.rules)
13060 <-> NETBIOS SMB-DS v4 srvsvc NetSetFileSecurity unicode andx integer overflow attempt (netbios.rules)
13061 <-> NETBIOS SMB v4 srvsvc NetSetFileSecurity WriteAndX andx integer overflow attempt (netbios.rules)
13062 <-> NETBIOS SMB-DS v4 srvsvc NetSetFileSecurity WriteAndX unicode andx integer overflow attempt (netbios.rules)
13063 <-> NETBIOS-DG SMB v4 srvsvc NetSetFileSecurity andx integer overflow attempt (netbios.rules)
13064 <-> NETBIOS-DG SMB v4 srvsvc NetSetFileSecurity WriteAndX andx integer overflow attempt (netbios.rules)
13065 <-> NETBIOS SMB v4 srvsvc NetSetFileSecurity WriteAndX unicode andx integer overflow attempt (netbios.rules)
13066 <-> NETBIOS SMB-DS v4 srvsvc NetSetFileSecurity andx integer overflow attempt (netbios.rules)
13067 <-> NETBIOS-DG SMB v4 srvsvc NetSetFileSecurity WriteAndX unicode andx integer overflow attempt (netbios.rules)
13068 <-> NETBIOS SMB v4 srvsvc NetSetFileSecurity little endian andx integer overflow attempt (netbios.rules)
13069 <-> NETBIOS SMB v4 srvsvc NetSetFileSecurity WriteAndX little endian andx integer overflow attempt (netbios.rules)
13070 <-> NETBIOS SMB v4 srvsvc NetSetFileSecurity unicode little endian andx integer overflow attempt (netbios.rules)
13071 <-> NETBIOS SMB v4 srvsvc NetSetFileSecurity WriteAndX unicode little endian andx integer overflow attempt (netbios.rules)
13072 <-> NETBIOS SMB-DS v4 srvsvc NetSetFileSecurity little endian andx integer overflow attempt (netbios.rules)
13073 <-> NETBIOS SMB-DS v4 srvsvc NetSetFileSecurity WriteAndX little endian andx integer overflow attempt (netbios.rules)
13074 <-> NETBIOS SMB-DS v4 srvsvc NetSetFileSecurity unicode little endian andx integer overflow attempt (netbios.rules)
13075 <-> NETBIOS SMB-DS v4 srvsvc NetSetFileSecurity WriteAndX unicode little endian andx integer overflow attempt (netbios.rules)
13076 <-> NETBIOS-DG SMB v4 srvsvc NetSetFileSecurity little endian andx integer overflow attempt (netbios.rules)
13077 <-> NETBIOS-DG SMB v4 srvsvc NetSetFileSecurity WriteAndX little endian andx integer overflow attempt (netbios.rules)
13078 <-> NETBIOS-DG SMB v4 srvsvc NetSetFileSecurity unicode little endian andx integer overflow attempt (netbios.rules)
13079 <-> NETBIOS-DG SMB v4 srvsvc NetSetFileSecurity WriteAndX unicode little endian andx integer overflow attempt (netbios.rules)
13080 <-> NETBIOS SMB srvsvc NetSetFileSecurity andx integer overflow attempt (netbios.rules)
13081 <-> NETBIOS SMB srvsvc NetSetFileSecurity WriteAndX andx integer overflow attempt (netbios.rules)
13082 <-> NETBIOS SMB srvsvc NetSetFileSecurity unicode andx integer overflow attempt (netbios.rules)
13083 <-> NETBIOS SMB srvsvc NetSetFileSecurity WriteAndX unicode andx integer overflow attempt (netbios.rules)
13084 <-> NETBIOS SMB-DS srvsvc NetSetFileSecurity andx integer overflow attempt (netbios.rules)
13085 <-> NETBIOS SMB-DS srvsvc NetSetFileSecurity WriteAndX andx integer overflow attempt (netbios.rules)
13086 <-> NETBIOS SMB-DS srvsvc NetSetFileSecurity unicode andx integer overflow attempt (netbios.rules)
13087 <-> NETBIOS SMB-DS srvsvc NetSetFileSecurity WriteAndX unicode andx integer overflow attempt (netbios.rules)
13088 <-> NETBIOS-DG SMB srvsvc NetSetFileSecurity andx integer overflow attempt (netbios.rules)
13089 <-> NETBIOS-DG SMB srvsvc NetSetFileSecurity WriteAndX andx integer overflow attempt (netbios.rules)
13090 <-> NETBIOS-DG SMB srvsvc NetSetFileSecurity unicode andx integer overflow attempt (netbios.rules)
13091 <-> NETBIOS-DG SMB srvsvc NetSetFileSecurity WriteAndX unicode andx integer overflow attempt (netbios.rules)
13092 <-> NETBIOS SMB srvsvc NetSetFileSecurity little endian andx integer overflow attempt (netbios.rules)
13093 <-> NETBIOS SMB srvsvc NetSetFileSecurity WriteAndX little endian andx integer overflow attempt (netbios.rules)
13094 <-> NETBIOS SMB srvsvc NetSetFileSecurity unicode little endian andx integer overflow attempt (netbios.rules)
13095 <-> NETBIOS SMB srvsvc NetSetFileSecurity WriteAndX unicode little endian andx integer overflow attempt (netbios.rules)
13096 <-> NETBIOS SMB-DS srvsvc NetSetFileSecurity little endian andx integer overflow attempt (netbios.rules)
13097 <-> NETBIOS SMB-DS srvsvc NetSetFileSecurity WriteAndX little endian andx integer overflow attempt (netbios.rules)
13098 <-> NETBIOS SMB-DS srvsvc NetSetFileSecurity unicode little endian andx integer overflow attempt (netbios.rules)
13099 <-> NETBIOS SMB-DS srvsvc NetSetFileSecurity WriteAndX unicode little endian andx integer overflow attempt (netbios.rules)
13100 <-> NETBIOS-DG SMB srvsvc NetSetFileSecurity little endian andx integer overflow attempt (netbios.rules)
13101 <-> NETBIOS-DG SMB srvsvc NetSetFileSecurity WriteAndX little endian andx integer overflow attempt (netbios.rules)
13102 <-> NETBIOS-DG SMB srvsvc NetSetFileSecurity unicode little endian andx integer overflow attempt (netbios.rules)
13103 <-> NETBIOS-DG SMB srvsvc NetSetFileSecurity WriteAndX unicode little endian andx integer overflow attempt (netbios.rules)
13104 <-> NETBIOS SMB srvsvc NetSetFileSecurity andx object call integer overflow attempt (netbios.rules)
13105 <-> NETBIOS SMB srvsvc NetSetFileSecurity WriteAndX andx object call integer overflow attempt (netbios.rules)
13106 <-> NETBIOS SMB srvsvc NetSetFileSecurity unicode andx object call integer overflow attempt (netbios.rules)
13107 <-> NETBIOS SMB srvsvc NetSetFileSecurity WriteAndX unicode andx object call integer overflow attempt (netbios.rules)
13108 <-> NETBIOS SMB-DS srvsvc NetSetFileSecurity andx object call integer overflow attempt (netbios.rules)
13109 <-> NETBIOS SMB-DS srvsvc NetSetFileSecurity WriteAndX andx object call integer overflow attempt (netbios.rules)
13110 <-> NETBIOS SMB-DS srvsvc NetSetFileSecurity unicode andx object call integer overflow attempt (netbios.rules)
13111 <-> NETBIOS SMB-DS srvsvc NetSetFileSecurity WriteAndX unicode andx object call integer overflow attempt (netbios.rules)
13112 <-> NETBIOS-DG SMB srvsvc NetSetFileSecurity andx object call integer overflow attempt (netbios.rules)
13113 <-> NETBIOS-DG SMB srvsvc NetSetFileSecurity WriteAndX andx object call integer overflow attempt (netbios.rules)
13114 <-> NETBIOS-DG SMB srvsvc NetSetFileSecurity unicode andx object call integer overflow attempt (netbios.rules)
13115 <-> NETBIOS-DG SMB srvsvc NetSetFileSecurity WriteAndX unicode andx object call integer overflow attempt (netbios.rules)
13116 <-> NETBIOS SMB srvsvc NetSetFileSecurity little endian andx object call integer overflow attempt (netbios.rules)
13117 <-> NETBIOS SMB srvsvc NetSetFileSecurity WriteAndX little endian andx object call integer overflow attempt (netbios.rules)
13118 <-> NETBIOS SMB srvsvc NetSetFileSecurity unicode little endian andx object call integer overflow attempt (netbios.rules)
13119 <-> NETBIOS SMB srvsvc NetSetFileSecurity WriteAndX unicode little endian andx object call integer overflow attempt (netbios.rules)
13120 <-> NETBIOS SMB-DS srvsvc NetSetFileSecurity little endian andx object call integer overflow attempt (netbios.rules)
13121 <-> NETBIOS SMB-DS srvsvc NetSetFileSecurity WriteAndX little endian andx object call integer overflow attempt (netbios.rules)
13122 <-> NETBIOS SMB-DS srvsvc NetSetFileSecurity unicode little endian andx object call integer overflow attempt (netbios.rules)
13123 <-> NETBIOS SMB-DS srvsvc NetSetFileSecurity WriteAndX unicode little endian andx object call integer overflow attempt (netbios.rules)
13124 <-> NETBIOS-DG SMB srvsvc NetSetFileSecurity little endian andx object call integer overflow attempt (netbios.rules)
13125 <-> NETBIOS-DG SMB srvsvc NetSetFileSecurity WriteAndX little endian andx object call integer overflow attempt (netbios.rules)
13126 <-> NETBIOS-DG SMB srvsvc NetSetFileSecurity unicode little endian andx object call integer overflow attempt (netbios.rules)
13127 <-> NETBIOS-DG SMB srvsvc NetSetFileSecurity WriteAndX unicode little endian andx object call integer overflow attempt (netbios.rules)
13128 <-> NETBIOS DCERPC DIRECT v4 srvsvc NetSetFileSecurity little endian integer overflow attempt (netbios.rules)
13129 <-> NETBIOS DCERPC DIRECT-UDP v4 srvsvc NetSetFileSecurity integer overflow attempt (netbios.rules)
13130 <-> NETBIOS DCERPC NCACN-IP-TCP srvsvc NetSetFileSecurity integer overflow attempt (netbios.rules)
13131 <-> NETBIOS DCERPC NCACN-HTTP srvsvc NetSetFileSecurity integer overflow attempt (netbios.rules)
13132 <-> NETBIOS DCERPC DIRECT-UDP srvsvc NetSetFileSecurity little endian integer overflow attempt (netbios.rules)
13133 <-> NETBIOS DCERPC DIRECT srvsvc NetSetFileSecurity little endian integer overflow attempt (netbios.rules)
13134 <-> NETBIOS DCERPC NCADG-IP-UDP srvsvc NetSetFileSecurity integer overflow attempt (netbios.rules)
13135 <-> NETBIOS DCERPC NCACN-HTTP v4 srvsvc NetSetFileSecurity little endian integer overflow attempt (netbios.rules)
13136 <-> NETBIOS DCERPC DIRECT-UDP srvsvc NetSetFileSecurity integer overflow attempt (netbios.rules)
13137 <-> NETBIOS DCERPC NCACN-HTTP srvsvc NetSetFileSecurity little endian integer overflow attempt (netbios.rules)
13138 <-> NETBIOS DCERPC NCACN-HTTP v4 srvsvc NetSetFileSecurity integer overflow attempt (netbios.rules)
13139 <-> NETBIOS DCERPC NCADG-IP-UDP v4 srvsvc NetSetFileSecurity little endian integer overflow attempt (netbios.rules)
13140 <-> NETBIOS DCERPC NCADG-IP-UDP v4 srvsvc NetSetFileSecurity integer overflow attempt (netbios.rules)
13141 <-> NETBIOS DCERPC DIRECT v4 srvsvc NetSetFileSecurity integer overflow attempt (netbios.rules)
13142 <-> NETBIOS DCERPC DIRECT-UDP v4 srvsvc NetSetFileSecurity little endian integer overflow attempt (netbios.rules)
13143 <-> NETBIOS DCERPC NCACN-IP-TCP v4 srvsvc NetSetFileSecurity little endian integer overflow attempt (netbios.rules)
13144 <-> NETBIOS DCERPC NCADG-IP-UDP srvsvc NetSetFileSecurity little endian integer overflow attempt (netbios.rules)
13145 <-> NETBIOS DCERPC NCACN-IP-TCP srvsvc NetSetFileSecurity little endian integer overflow attempt (netbios.rules)
13146 <-> NETBIOS DCERPC DIRECT srvsvc NetSetFileSecurity integer overflow attempt (netbios.rules)
13147 <-> NETBIOS DCERPC NCACN-IP-TCP v4 srvsvc NetSetFileSecurity integer overflow attempt (netbios.rules)
13148 <-> NETBIOS DCERPC NCACN-IP-TCP srvsvc NetSetFileSecurity object call integer overflow attempt (netbios.rules)
13149 <-> NETBIOS DCERPC NCACN-HTTP srvsvc NetSetFileSecurity object call integer overflow attempt (netbios.rules)
13150 <-> NETBIOS DCERPC DIRECT-UDP srvsvc NetSetFileSecurity little endian object call integer overflow attempt (netbios.rules)
13151 <-> NETBIOS DCERPC DIRECT srvsvc NetSetFileSecurity little endian object call integer overflow attempt (netbios.rules)
13152 <-> NETBIOS DCERPC NCADG-IP-UDP srvsvc NetSetFileSecurity object call integer overflow attempt (netbios.rules)
13153 <-> NETBIOS DCERPC DIRECT-UDP srvsvc NetSetFileSecurity object call integer overflow attempt (netbios.rules)
13154 <-> NETBIOS DCERPC NCACN-HTTP srvsvc NetSetFileSecurity little endian object call integer overflow attempt (netbios.rules)
13155 <-> NETBIOS DCERPC NCADG-IP-UDP srvsvc NetSetFileSecurity little endian object call integer overflow attempt (netbios.rules)
13156 <-> NETBIOS DCERPC NCACN-IP-TCP srvsvc NetSetFileSecurity little endian object call integer overflow attempt (netbios.rules)
13157 <-> NETBIOS DCERPC DIRECT srvsvc NetSetFileSecurity object call integer overflow attempt (netbios.rules)
13158 <-> WEB_CLIENT Microsoft Media Player asf streaming format interchange data integer overflow attempt (web-client.rules)
13159 <-> WEB_CLIENT Microsoft Media Player asf streaming format audio error masking integer overflow attempt (web-client.rules)
13160 <-> WEB-CLIENT Microsft Media Player asf streaming audio spread error correction data length integer overflow attempt (web-client.rules)

Updated rules:
103 <-> BACKDOOR subseven 22 (backdoor.rules)
105 <-> BACKDOOR - Dagger_1.4.0 (backdoor.rules)
107 <-> BACKDOOR subseven DEFCON8 2.1 access (backdoor.rules)
108 <-> BACKDOOR QAZ Worm Client Login access (backdoor.rules)
109 <-> BACKDOOR netbus active (backdoor.rules)
110 <-> BACKDOOR netbus getinfo (backdoor.rules)
115 <-> BACKDOOR NetBus Pro 2.0 connection established (backdoor.rules)
117 <-> BACKDOOR Infector.1.x (backdoor.rules)
118 <-> BACKDOOR SatansBackdoor.2.0.Beta (backdoor.rules)
119 <-> BACKDOOR Doly 2.0 access (backdoor.rules)
121 <-> BACKDOOR Infector 1.6 Client to Server Connection Request (backdoor.rules)
141 <-> BACKDOOR HackAttack 1.20 Connect (backdoor.rules)
145 <-> BACKDOOR GirlFriendaccess (backdoor.rules)
146 <-> BACKDOOR NetSphere access (backdoor.rules)
147 <-> BACKDOOR GateCrasher (backdoor.rules)
152 <-> BACKDOOR BackConstruction 2.1 Connection (backdoor.rules)
157 <-> BACKDOOR BackConstruction 2.1 Client FTP Open Request (backdoor.rules)
158 <-> BACKDOOR BackConstruction 2.1 Server FTP Open Reply (backdoor.rules)
163 <-> BACKDOOR WinCrash 1.0 Server Active (backdoor.rules)
185 <-> BACKDOOR CDK (backdoor.rules)
208 <-> BACKDOOR PhaseZero Server Active on Network (backdoor.rules)
209 <-> BACKDOOR w00w00 attempt (backdoor.rules)
210 <-> BACKDOOR attempt (backdoor.rules)
211 <-> BACKDOOR MISC r00t attempt (backdoor.rules)
212 <-> BACKDOOR MISC rewt attempt (backdoor.rules)
213 <-> BACKDOOR MISC Linux rootkit attempt (backdoor.rules)
214 <-> BACKDOOR MISC Linux rootkit attempt lrkr0x (backdoor.rules)
215 <-> BACKDOOR MISC Linux rootkit attempt (backdoor.rules)
216 <-> BACKDOOR MISC Linux rootkit satori attempt (backdoor.rules)
217 <-> BACKDOOR MISC sm4ck attempt (backdoor.rules)
218 <-> BACKDOOR MISC Solaris 2.5 attempt (backdoor.rules)
219 <-> BACKDOOR HidePak backdoor attempt (backdoor.rules)
220 <-> BACKDOOR HideSource backdoor attempt (backdoor.rules)
221 <-> DDOS TFN Probe (ddos.rules)
222 <-> DDOS tfn2k icmp possible communication (ddos.rules)
224 <-> DDOS Stacheldraht server spoof (ddos.rules)
225 <-> DDOS Stacheldraht gag server response (ddos.rules)
226 <-> DDOS Stacheldraht server response (ddos.rules)
227 <-> DDOS Stacheldraht client spoofworks (ddos.rules)
228 <-> DDOS TFN client command BE (ddos.rules)
229 <-> DDOS Stacheldraht client check skillz (ddos.rules)
230 <-> DDOS shaft client login to handler (ddos.rules)
233 <-> DDOS Trin00 Attacker to Master default startup password (ddos.rules)
234 <-> DDOS Trin00 Attacker to Master default password (ddos.rules)
235 <-> DDOS Trin00 Attacker to Master default mdie password (ddos.rules)
236 <-> DDOS Stacheldraht client check gag (ddos.rules)
238 <-> DDOS TFN server response (ddos.rules)
241 <-> DDOS shaft synflood (ddos.rules)
247 <-> DDOS mstream client to handler (ddos.rules)
248 <-> DDOS mstream handler to client (ddos.rules)
250 <-> DDOS mstream handler to client (ddos.rules)
251 <-> DDOS - TFN client command LE (ddos.rules)
255 <-> DNS zone transfer TCP (dns.rules)
257 <-> DNS named version attempt (dns.rules)
258 <-> DNS EXPLOIT named 8.2->8.2.1 (dns.rules)
259 <-> DNS EXPLOIT named overflow ADM (dns.rules)
260 <-> DNS EXPLOIT named overflow ADMROCKS (dns.rules)
261 <-> DNS EXPLOIT named overflow attempt (dns.rules)
262 <-> DNS EXPLOIT x86 Linux overflow attempt (dns.rules)
264 <-> DNS EXPLOIT x86 Linux overflow attempt (dns.rules)
265 <-> DNS EXPLOIT x86 Linux overflow attempt ADMv2 (dns.rules)
266 <-> DNS EXPLOIT x86 FreeBSD overflow attempt (dns.rules)
267 <-> DNS EXPLOIT sparc overflow attempt (dns.rules)
272 <-> DOS IGMP dos attack (dos.rules)
274 <-> DOS ath (dos.rules)
275 <-> DOS NAPTHA (dos.rules)
276 <-> DOS Real Audio Server (dos.rules)
277 <-> DOS Real Server template.html (dos.rules)
278 <-> DOS Real Server template.html (dos.rules)
301 <-> EXPLOIT LPRng overflow (exploit.rules)
302 <-> EXPLOIT Redhat 7.0 lprd overflow (exploit.rules)
303 <-> DNS EXPLOIT named tsig overflow attempt (dns.rules)
308 <-> EXPLOIT NextFTP client overflow (exploit.rules)
337 <-> FTP CEL overflow attempt (ftp.rules)
458 <-> ICMP unassigned type 1 (icmp-info.rules)
459 <-> ICMP unassigned type 1 undefined code (icmp-info.rules)
460 <-> ICMP unassigned type 2 (icmp-info.rules)
461 <-> ICMP unassigned type 2 undefined code (icmp-info.rules)
462 <-> ICMP unassigned type 7 (icmp-info.rules)
463 <-> ICMP unassigned type 7 undefined code (icmp-info.rules)
494 <-> ATTACK-RESPONSES command completed (attack-responses.rules)
497 <-> ATTACK-RESPONSES file copied ok (attack-responses.rules)
523 <-> BAD-TRAFFIC ip reserved bit set (bad-traffic.rules)
526 <-> BAD-TRAFFIC data in TCP SYN packet (bad-traffic.rules)
528 <-> BAD-TRAFFIC loopback traffic (bad-traffic.rules)
540 <-> CHAT MSN message (chat.rules)
541 <-> CHAT ICQ access (chat.rules)
542 <-> CHAT IRC nick change (chat.rules)
614 <-> BACKDOOR hack-a-tack attempt (backdoor.rules)
989 <-> BACKDOOR sensepost.exe command shell attempt (backdoor.rules)
1239 <-> NETBIOS RFParalyze Attempt (netbios.rules)
1257 <-> DOS Winnuke attack (dos.rules)
1321 <-> BAD-TRAFFIC 0 ttl (bad-traffic.rules)
1322 <-> BAD-TRAFFIC bad frag bits (bad-traffic.rules)
1324 <-> EXPLOIT ssh CRC32 overflow /bin/sh (exploit.rules)
1326 <-> EXPLOIT ssh CRC32 overflow NOOP (exploit.rules)
1327 <-> EXPLOIT ssh CRC32 overflow (exploit.rules)
1379 <-> FTP STAT overflow attempt (ftp.rules)
1408 <-> DOS MSDTC attempt (dos.rules)
1431 <-> BAD-TRAFFIC syn to multicast address (bad-traffic.rules)
1435 <-> DNS named authors attempt (dns.rules)
1463 <-> CHAT IRC message (chat.rules)
1545 <-> DOS Cisco attempt (dos.rules)
1549 <-> SMTP HELO overflow attempt (smtp.rules)
1605 <-> DOS iParty DOS attempt (dos.rules)
1627 <-> BAD-TRAFFIC Unassigned/Reserved IP protocol (bad-traffic.rules)
1631 <-> CHAT AIM login (chat.rules)
1633 <-> CHAT AIM receive message (chat.rules)
1639 <-> CHAT IRC DCC file transfer request (chat.rules)
1640 <-> CHAT IRC DCC chat request (chat.rules)
1641 <-> DOS DB2 dos attempt (dos.rules)
1729 <-> CHAT IRC channel join (chat.rules)
1734 <-> FTP USER overflow attempt (ftp.rules)
1755 <-> IMAP partial body buffer overflow attempt (imap.rules)
1777 <-> FTP EXPLOIT STAT * dos attempt (ftp.rules)
1778 <-> FTP EXPLOIT STAT ? dos attempt (ftp.rules)
1789 <-> CHAT IRC dns request (chat.rules)
1790 <-> CHAT IRC dns response (chat.rules)
1810 <-> ATTACK-RESPONSES successful gobbles ssh exploit GOBBLE (attack-responses.rules)
1811 <-> ATTACK-RESPONSES successful gobbles ssh exploit uname (attack-responses.rules)
1812 <-> EXPLOIT gobbles SSH exploit attempt (exploit.rules)
1832 <-> CHAT ICQ forced user addition (chat.rules)
1842 <-> IMAP login buffer overflow attempt (imap.rules)
1843 <-> BACKDOOR trinity connection attempt (backdoor.rules)
1844 <-> IMAP authenticate overflow attempt (imap.rules)
1845 <-> IMAP list literal overflow attempt (imap.rules)
1854 <-> DDOS Stacheldraht handler->agent niggahbitch (ddos.rules)
1855 <-> DDOS Stacheldraht agent->handler skillz (ddos.rules)
1856 <-> DDOS Stacheldraht handler->agent ficken (ddos.rules)
1902 <-> IMAP lsub literal overflow attempt (imap.rules)
1903 <-> IMAP rename overflow attempt (imap.rules)
1904 <-> IMAP find overflow attempt (imap.rules)
1920 <-> FTP SITE NEWER overflow attempt (ftp.rules)
1930 <-> IMAP auth literal overflow attempt (imap.rules)
1971 <-> FTP SITE EXEC format string attempt (ftp.rules)
1972 <-> FTP PASS overflow attempt (ftp.rules)
1974 <-> FTP REST overflow attempt (ftp.rules)
1975 <-> FTP DELE overflow attempt (ftp.rules)
1976 <-> FTP RMD overflow attempt (ftp.rules)
1985 <-> BACKDOOR Doly 1.5 server response (backdoor.rules)
1986 <-> CHAT MSN outbound file transfer request (chat.rules)
1988 <-> CHAT MSN outbound file transfer accept (chat.rules)
1989 <-> CHAT MSN outbound file transfer rejected (chat.rules)
1990 <-> CHAT MSN user search (chat.rules)
1991 <-> CHAT MSN login attempt (chat.rules)
2010 <-> MISC CVS double free exploit attempt response (misc.rules)
2011 <-> MISC CVS invalid directory response (misc.rules)
2048 <-> DELETED MISC rsyncd overflow attempt (deleted.rules)
2100 <-> BACKDOOR SubSeven 2.1 Gold server connection response (backdoor.rules)
2106 <-> IMAP lsub overflow attempt (imap.rules)
2118 <-> IMAP list overflow attempt (imap.rules)
2119 <-> IMAP rename literal overflow attempt (imap.rules)
2124 <-> BACKDOOR Remote PC Access connection attempt (backdoor.rules)
2186 <-> BAD-TRAFFIC IP Proto 53 SWIPE (bad-traffic.rules)
2187 <-> BAD-TRAFFIC IP Proto 55 IP Mobility (bad-traffic.rules)
2188 <-> BAD-TRAFFIC IP Proto 77 Sun ND (bad-traffic.rules)
2189 <-> BAD-TRAFFIC IP Proto 103 PIM (bad-traffic.rules)
2252 <-> NETBIOS SMB-DS DCERPC Remote Activation bind attempt (netbios.rules)
2253 <-> SMTP XEXCH50 overflow attempt (smtp.rules)
2257 <-> NETBIOS DCERPC Messenger Service buffer overflow attempt (netbios.rules)
2258 <-> NETBIOS SMB-DS DCERPC Messenger Service buffer overflow attempt (netbios.rules)
2259 <-> SMTP EXPN overflow attempt (smtp.rules)
2260 <-> SMTP VRFY overflow attempt (smtp.rules)
2261 <-> SMTP SEND FROM sendmail prescan too many addresses overflow (smtp.rules)
2262 <-> SMTP SEND FROM sendmail prescan too long addresses overflow (smtp.rules)
2263 <-> SMTP SAML FROM sendmail prescan too many addresses overflow (smtp.rules)
2264 <-> SMTP SAML FROM sendmail prescan too long addresses overflow (smtp.rules)
2265 <-> SMTP SOML FROM sendmail prescan too many addresses overflow (smtp.rules)
2266 <-> SMTP SOML FROM sendmail prescan too long addresses overflow (smtp.rules)
2267 <-> SMTP MAIL FROM sendmail prescan too many addresses overflow (smtp.rules)
2268 <-> SMTP MAIL FROM sendmail prescan too long addresses overflow (smtp.rules)
2269 <-> SMTP RCPT TO sendmail prescan too many addresses overflow (smtp.rules)
2270 <-> SMTP RCPT TO sendmail prescan too long addresses overflow (smtp.rules)
2271 <-> BACKDOOR FsSniffer connection attempt (backdoor.rules)
2272 <-> FTP LIST integer overflow attempt (ftp.rules)
2319 <-> EXPLOIT ebola PASS overflow attempt (exploit.rules)
2320 <-> EXPLOIT ebola USER overflow attempt (exploit.rules)
2330 <-> IMAP auth overflow attempt (imap.rules)
2332 <-> FTP MKD format string attempt (ftp.rules)
2333 <-> FTP RENAME format string attempt (ftp.rules)
2334 <-> FTP Yak! FTP server default account login attempt (ftp.rules)
2335 <-> FTP RMD / attempt (ftp.rules)
2338 <-> FTP LIST buffer overflow attempt (ftp.rules)
2340 <-> FTP SITE CHMOD overflow attempt (ftp.rules)
2343 <-> FTP STOR overflow attempt (ftp.rules)
2344 <-> FTP XCWD overflow attempt (ftp.rules)
2373 <-> FTP XMKD overflow attempt (ftp.rules)
2374 <-> FTP NLST overflow attempt (ftp.rules)
2375 <-> BACKDOOR DoomJuice/mydoom.a backdoor upload/execute attempt (backdoor.rules)
2389 <-> FTP RNTO overflow attempt (ftp.rules)
2390 <-> FTP STOU overflow attempt (ftp.rules)
2391 <-> FTP APPE overflow attempt (ftp.rules)
2392 <-> FTP RETR overflow attempt (ftp.rules)
2412 <-> ATTACK-RESPONSES successful cross site scripting forced download attempt (attack-responses.rules)
2416 <-> FTP invalid MDTM command attempt (ftp.rules)
2419 <-> MULTIMEDIA realplayer .ram playlist download attempt (multimedia.rules)
2420 <-> MULTIMEDIA realplayer .rmp playlist download attempt (multimedia.rules)
2421 <-> MULTIMEDIA realplayer .smi playlist download attempt (multimedia.rules)
2422 <-> MULTIMEDIA realplayer .rt playlist download attempt (multimedia.rules)
2423 <-> MULTIMEDIA realplayer .rp playlist download attempt (multimedia.rules)
2449 <-> FTP ALLO overflow attempt (ftp.rules)
2450 <-> CHAT Yahoo IM successful logon (chat.rules)
2451 <-> CHAT Yahoo IM voicechat (chat.rules)
2452 <-> CHAT Yahoo IM ping (chat.rules)
2453 <-> CHAT Yahoo IM conference invitation (chat.rules)
2454 <-> CHAT Yahoo IM conference logon success (chat.rules)
2455 <-> CHAT Yahoo IM conference message (chat.rules)
2456 <-> CHAT Yahoo Messenger File Transfer Receive Request (chat.rules)
2457 <-> CHAT Yahoo IM message (chat.rules)
2458 <-> CHAT Yahoo IM successful chat join (chat.rules)
2459 <-> CHAT Yahoo IM conference offer invitation (chat.rules)
2460 <-> CHAT Yahoo IM conference request (chat.rules)
2461 <-> CHAT Yahoo IM conference watch (chat.rules)
2487 <-> SMTP WinZip MIME content-type buffer overflow (smtp.rules)
2488 <-> SMTP WinZip MIME content-disposition buffer overflow (smtp.rules)
2489 <-> EXPLOIT esignal STREAMQUOTE buffer overflow attempt (exploit.rules)
2497 <-> IMAP SSLv3 invalid data version attempt (imap.rules)
2504 <-> SMTP SSLv3 invalid data version attempt (smtp.rules)
2517 <-> IMAP PCT Client_Hello overflow attempt (imap.rules)
2523 <-> DOS BGP spoofed connection reset attempt (dos.rules)
2527 <-> SMTP STARTTLS attempt (smtp.rules)
2528 <-> SMTP PCT Client_Hello overflow attempt (smtp.rules)
2529 <-> IMAP SSLv3 Client_Hello request (imap.rules)
2530 <-> IMAP SSLv3 Server_Hello request (imap.rules)
2531 <-> IMAP SSLv3 invalid Client_Hello attempt (imap.rules)
2541 <-> SMTP TLS SSLv3 invalid data version attempt (smtp.rules)
2542 <-> SMTP SSLv3 Client_Hello request (smtp.rules)
2543 <-> SMTP SSLv3 Server_Hello request (smtp.rules)
2544 <-> SMTP SSLv3 invalid Client_Hello attempt (smtp.rules)
2546 <-> FTP MDTM overflow attempt (ftp.rules)
2583 <-> MISC CVS Max-dotdot integer overflow attempt (misc.rules)
2584 <-> EXPLOIT eMule buffer overflow attempt (exploit.rules)
2655 <-> MISC HP Web JetAdmin ExecuteFile admin access (misc.rules)
2922 <-> DNS TCP inverse query (dns.rules)
3009 <-> BACKDOOR NetBus Pro 2.0 connection request (backdoor.rules)
3010 <-> BACKDOOR RUX the Tick get windows directory attempt (backdoor.rules)
3011 <-> BACKDOOR RUX the Tick get system directory attempt (backdoor.rules)
3012 <-> BACKDOOR RUX the Tick upload/execute arbitrary file attempt (backdoor.rules)
3013 <-> BACKDOOR Asylum 0.1 connection request (backdoor.rules)
3014 <-> BACKDOOR Asylum 0.1 connection established (backdoor.rules)
3015 <-> BACKDOOR Insane Network 4.0 connection established (backdoor.rules)
3016 <-> BACKDOOR Insane Network 4.0 connection established port 63536 (backdoor.rules)
3017 <-> EXPLOIT WINS overflow attempt (exploit.rules)
3018 <-> NETBIOS SMB NT Trans NT CREATE oversized Security Descriptor attempt (netbios.rules)
3019 <-> NETBIOS SMB NT Trans NT CREATE andx oversized Security Descriptor attempt (netbios.rules)
3020 <-> NETBIOS SMB NT Trans NT CREATE unicode oversized Security Descriptor attempt (netbios.rules)
3021 <-> NETBIOS SMB NT Trans NT CREATE unicode andx oversized Security Descriptor attempt (netbios.rules)
3022 <-> NETBIOS SMB-DS NT Trans NT CREATE oversized Security Descriptor attempt (netbios.rules)
3023 <-> NETBIOS SMB-DS NT Trans NT CREATE andx oversized Security Descriptor attempt (netbios.rules)
3024 <-> NETBIOS SMB-DS NT Trans NT CREATE unicode oversized Security Descriptor attempt (netbios.rules)
3025 <-> NETBIOS SMB-DS NT Trans NT CREATE unicode andx oversized Security Descriptor attempt (netbios.rules)
3026 <-> NETBIOS SMB NT Trans NT CREATE SACL overflow attempt (netbios.rules)
3027 <-> NETBIOS SMB NT Trans NT CREATE andx SACL overflow attempt (netbios.rules)
3028 <-> NETBIOS SMB NT Trans NT CREATE unicode SACL overflow attempt (netbios.rules)
3029 <-> NETBIOS SMB NT Trans NT CREATE unicode andx SACL overflow attempt (netbios.rules)
3030 <-> NETBIOS SMB-DS NT Trans NT CREATE SACL overflow attempt (netbios.rules)
3031 <-> NETBIOS SMB-DS NT Trans NT CREATE andx SACL overflow attempt (netbios.rules)
3032 <-> NETBIOS SMB-DS NT Trans NT CREATE unicode SACL overflow attempt (netbios.rules)
3033 <-> NETBIOS SMB-DS NT
Trans NT CREATE unicode andx SACL overflow attempt (netbios.rules) 3034 <-> NETBIOS SMB NT Trans NT CREATE DACL overflow attempt (netbios.rules) 3035 <-> NETBIOS SMB NT Trans NT CREATE andx DACL overflow attempt (netbios.rules) 3036 <-> NETBIOS SMB NT Trans NT CREATE unicode DACL overflow attempt (netbios.rules) 3037 <-> NETBIOS SMB NT Trans NT CREATE unicode andx DACL overflow attempt (netbios.rules) 3038 <-> NETBIOS SMB-DS NT Trans NT CREATE DACL overflow attempt (netbios.rules) 3039 <-> NETBIOS SMB-DS NT Trans NT CREATE andx DACL overflow attempt (netbios.rules) 3058 <-> IMAP copy literal overflow attempt (imap.rules) 3063 <-> BACKDOOR Vampire 1.2 connection request (backdoor.rules) 3064 <-> BACKDOOR Vampire 1.2 connection confirmation (backdoor.rules) 3066 <-> IMAP append overflow attempt (imap.rules) 3067 <-> IMAP examine literal overflow attempt (imap.rules) 3068 <-> IMAP examine overflow attempt (imap.rules) 3069 <-> IMAP fetch literal overflow attempt (imap.rules) 3071 <-> IMAP status literal overflow attempt (imap.rules) 3073 <-> IMAP subscribe literal overflow attempt (imap.rules) 3074 <-> IMAP subscribe overflow attempt (imap.rules) 3075 <-> IMAP unsubscribe literal overflow attempt (imap.rules) 3076 <-> IMAP unsubscribe overflow attempt (imap.rules) 3081 <-> BACKDOOR Y3KRAT 1.5 Connect (backdoor.rules) 3082 <-> BACKDOOR Y3KRAT 1.5 Connect Client Response (backdoor.rules) 3083 <-> BACKDOOR Y3KRAT 1.5 Connection confirmation (backdoor.rules) 3084 <-> EXPLOIT Veritas backup overflow attempt (exploit.rules) 3085 <-> EXPLOIT AIM goaway message buffer overflow attempt (exploit.rules) 3153 <-> DNS TCP inverse query overflow (dns.rules) 3155 <-> BACKDOOR BackOrifice 2000 Inbound Traffic (backdoor.rules) 3199 <-> EXPLOIT WINS name query overflow attempt TCP (exploit.rules) 3442 <-> DOS WIN32 TCP print service overflow attempt (dos.rules) 3487 <-> IMAP SSLv2 Client_Hello request (imap.rules) 3488 <-> IMAP SSLv2 Client_Hello with pad request (imap.rules) 3489 <-> 
IMAP TLSv1 Client_Hello request (imap.rules) 3490 <-> IMAP TLSv1 Client_Hello via SSLv2 handshake request (imap.rules) 3491 <-> IMAP SSLv2 Server_Hello request (imap.rules) 3492 <-> IMAP TLSv1 Server_Hello request (imap.rules) 3493 <-> SMTP SSLv2 Client_Hello request (smtp.rules) 3494 <-> SMTP SSLv2 Client_Hello with pad request (smtp.rules) 3495 <-> SMTP TLSv1 Client_Hello request (smtp.rules) 3496 <-> SMTP TLSv1 Client_Hello via SSLv2 handshake request (smtp.rules) 3497 <-> SMTP SSLv2 Server_Hello request (smtp.rules) 3498 <-> SMTP TLSv1 Server_Hello request (smtp.rules) 3511 <-> SMTP PCT Client_Hello overflow attempt (smtp.rules) 3517 <-> EXPLOIT Computer Associates license PUTOLF overflow attempt (exploit.rules) 3520 <-> EXPLOIT Computer Associates license GCR NETWORK overflow attempt (exploit.rules) 3521 <-> EXPLOIT Computer Associates license GCR CHECKSUMS overflow attempt (exploit.rules) 3522 <-> EXPLOIT Computer Associates license GETCONFIG server overflow attempt (exploit.rules) 3523 <-> FTP SITE INDEX format string attempt (ftp.rules) 3524 <-> EXPLOIT Computer Associates license invalid GCR CHECKSUMS attempt (exploit.rules) 3525 <-> EXPLOIT Computer Associates license invalid GCR NETWORK attempt (exploit.rules) 3529 <-> EXPLOIT Computer Associates license GETCONFIG client overflow attempt (exploit.rules) 3532 <-> FTP ORACLE password buffer overflow attempt (ftp.rules) 3630 <-> FTP ORACLE TEST command buffer overflow attempt (ftp.rules) 3631 <-> FTP ORACLE user name buffer overflow attempt (ftp.rules) 3635 <-> BACKDOOR Amanda 2.0 connection established (backdoor.rules) 3636 <-> BACKDOOR Crazzy Net 5.0 connection established (backdoor.rules) 3637 <-> EXPLOIT Computer Associates license PUTOLF directory traversal attempt (exploit.rules) 3664 <-> EXPLOIT PPTP echo request buffer overflow attempt (exploit.rules) 3665 <-> MYSQL server greeting (mysql.rules) 3666 <-> MYSQL server greeting finished (mysql.rules) 3667 <-> MYSQL protocol 41 client authentication 
bypass attempt (mysql.rules) 3668 <-> MYSQL client authentication bypass attempt (mysql.rules) 3669 <-> MYSQL protocol 41 secure client overflow attempt (mysql.rules) 3670 <-> MYSQL secure client overflow attempt (mysql.rules) 3671 <-> MYSQL protocol 41 client overflow attempt (mysql.rules) 3672 <-> MYSQL client overflow attempt (mysql.rules) 3691 <-> CHAT Yahoo Messenger Message (chat.rules) 3692 <-> CHAT Yahoo Messenger File Transfer Initiation Request (chat.rules) 3695 <-> EXPLOIT Veritas Backup Agent password overflow attempt (exploit.rules) 4126 <-> EXPLOIT Veritas Backup Exec root connection attempt using default password hash (exploit.rules) 4129 <-> EXPLOIT Novell ZenWorks Remote Management Agent large login packet DoS attempt (exploit.rules) 4130 <-> EXPLOIT Novell ZenWorks Remote Management Agent buffer overflow Attempt (exploit.rules) 4131 <-> EXPLOIT SHOUTcast URI format string attempt (exploit.rules) 4140 <-> DOS tcpdump tcp LDP print zero length message denial of service attempt (dos.rules) 4637 <-> EXPLOIT MailEnable HTTPMail buffer overflow attempt (exploit.rules) 5335 <-> NETBIOS SMB llsrpc2 WriteAndX alter context attempt (netbios.rules) 5342 <-> NETBIOS SMB llsrpc2 WriteAndX little endian alter context attempt (netbios.rules) 5351 <-> NETBIOS SMB llsrpc2 WriteAndX bind attempt (netbios.rules) 5358 <-> NETBIOS SMB llsrpc2 WriteAndX little endian bind attempt (netbios.rules) 5367 <-> NETBIOS SMB llsrpc2 WriteAndX andx alter context attempt (netbios.rules) 5374 <-> NETBIOS SMB llsrpc2 WriteAndX little endian andx alter context attempt (netbios.rules) 5383 <-> NETBIOS SMB llsrpc2 WriteAndX andx bind attempt (netbios.rules) 5390 <-> NETBIOS SMB llsrpc2 WriteAndX little endian andx bind attempt (netbios.rules) 5685 <-> SMTP TLSv1 Client_Hello via SSLv2 handshake request (smtp.rules) 5686 <-> SMTP TLSv1 Server_Hello request (smtp.rules) 5687 <-> SMTP SSLv2 Client_Hello request (smtp.rules) 5688 <-> SMTP SSLv2 Client_Hello with pad request (smtp.rules) 
5689 <-> SMTP TLSv1 Client_Hello request (smtp.rules) 5690 <-> SMTP SSLv3 Client_Hello request (smtp.rules) 5691 <-> SMTP SSLv2 Server_Hello request (smtp.rules) 5804 <-> DELETED SPYWARE-PUT Trackware myway speedbar / mywebsearch toolbar runtime detection - ads (deleted.rules) 5806 <-> DELETED SPYWARE-PUT Hijacker searchmiracle-elitebar runtime detection (deleted.rules) 5931 <-> DELETED SPYWARE-PUT Adware cashbar runtime detection - stats track 1 (deleted.rules) 6000 <-> DELETED P2P Skype client login startup (deleted.rules) 6001 <-> DELETED P2P Skype client login (deleted.rules) 6012 <-> BACKDOOR coolcat runtime connection detection - tcp 1 (backdoor.rules) 6013 <-> BACKDOOR coolcat runtime connection detection - tcp 2 (backdoor.rules) 6014 <-> BACKDOOR coolcat runtime connection detection - tcp 3 (backdoor.rules) 6015 <-> BACKDOOR dsk lite 1.0 runtime detection - initial connection (backdoor.rules) 6016 <-> BACKDOOR dsk lite 1.0 runtime detection - initial connection (backdoor.rules) 6017 <-> BACKDOOR dsk lite 1.0 runtime detection - disconnect (backdoor.rules) 6018 <-> BACKDOOR dsk lite 1.0 runtime detection - icq notification (backdoor.rules) 6019 <-> BACKDOOR dsk lite 1.0 runtime detection - cgi notification (backdoor.rules) 6020 <-> BACKDOOR dsk lite 1.0 runtime detection - php notification (backdoor.rules) 6021 <-> BACKDOOR silent spy 2.10 command response port 4225 (backdoor.rules) 6022 <-> BACKDOOR silent spy 2.10 command response port 4226 (backdoor.rules) 6023 <-> BACKDOOR silent spy 2.10 runtime detection - icq notification (backdoor.rules) 6024 <-> BACKDOOR nuclear rat v6_21 runtime detection (backdoor.rules) 6025 <-> BACKDOOR tequila bandita 1.2 runtime detection - reverse connection (backdoor.rules) 6026 <-> BACKDOOR dimbus 1.0 runtime detection - get pc info (backdoor.rules) 6027 <-> BACKDOOR netshadow runtime detection (backdoor.rules) 6028 <-> BACKDOOR cyberpaky runtime detection (backdoor.rules) 6029 <-> BACKDOOR fkwp 2.0 runtime detection - icq 
notification (backdoor.rules) 6030 <-> BACKDOOR fkwp 2.0 runtime detection - connection attempt client-to-server (backdoor.rules) 6031 <-> BACKDOOR fkwp 2.0 runtime detection - connection attempt server-to-client (backdoor.rules) 6033 <-> BACKDOOR fkwp 2.0 runtime detection - connection success (backdoor.rules) 6034 <-> BACKDOOR minicommand runtime detection - initial connection client-to-server (backdoor.rules) 6035 <-> BACKDOOR minicommand runtime detection - initial connection server-to-client (backdoor.rules) 6036 <-> BACKDOOR minicommand runtime detection - directory listing server-to-client (backdoor.rules) 6037 <-> BACKDOOR netbus 1.7 runtime detection - email notification (backdoor.rules) 6039 <-> BACKDOOR fade 1.0 runtime detection - notification (backdoor.rules) 6040 <-> BACKDOOR fade 1.0 runtime detection - enable keylogger (backdoor.rules) 6041 <-> BACKDOOR fade 1.0 runtime detection - enable keylogger (backdoor.rules) 6042 <-> BACKDOOR fear 0.2 runtime detection - php notification (backdoor.rules) 6043 <-> BACKDOOR fear 0.2 runtime detection - cgi notification (backdoor.rules) 6044 <-> BACKDOOR fear 0.2 runtime detection - initial connection (backdoor.rules) 6045 <-> BACKDOOR fear 0.2 runtime detection - initial connection (backdoor.rules) 6046 <-> BACKDOOR fear 0.2 runtime detection - initial connection (backdoor.rules) 6047 <-> BACKDOOR fun factory runtime detection - connect (backdoor.rules) 6048 <-> BACKDOOR fun factory runtime detection - connect (backdoor.rules) 6049 <-> BACKDOOR fun factory runtime detection - upload (backdoor.rules) 6050 <-> BACKDOOR fun factory runtime detection - upload (backdoor.rules) 6051 <-> BACKDOOR fun factory runtime detection - set volume (backdoor.rules) 6052 <-> BACKDOOR fun factory runtime detection - set volume (backdoor.rules) 6053 <-> BACKDOOR fun factory runtime detection - do script remotely (backdoor.rules) 6054 <-> BACKDOOR fun factory runtime detection - do script remotely (backdoor.rules) 6055 <-> BACKDOOR 
bifrose 1.1 runtime detection (backdoor.rules) 6056 <-> BACKDOOR bifrose 1.1 runtime detection (backdoor.rules) 6057 <-> BACKDOOR bifrose 1.1 runtime detection (backdoor.rules) 6058 <-> BACKDOOR neurotickat1.3 runtime detection - icq notification (backdoor.rules) 6059 <-> BACKDOOR neurotickat1.3 runtime detection - cgi notification (backdoor.rules) 6060 <-> BACKDOOR neurotickat1.3 runtime detection - initial connection (backdoor.rules) 6061 <-> BACKDOOR neurotickat1.3 runtime detection - initial connection (backdoor.rules) 6062 <-> BACKDOOR neurotickat1.3 runtime detection - initial connection (backdoor.rules) 6063 <-> BACKDOOR schwindler 1.82 runtime detection (backdoor.rules) 6064 <-> BACKDOOR schwindler 1.82 runtime detection (backdoor.rules) 6065 <-> BACKDOOR optixlite 1.0 runtime detection - connection success client-to-server (backdoor.rules) 6066 <-> BACKDOOR optixlite 1.0 runtime detection - connection success server-to-client (backdoor.rules) 6068 <-> BACKDOOR optixlite 1.0 runtime detection - connection failure server-to-client (backdoor.rules) 6069 <-> BACKDOOR optixlite 1.0 runtime detection - icq notification (backdoor.rules) 6070 <-> BACKDOOR freak 1.0 runtime detection - irc notification (backdoor.rules) 6071 <-> BACKDOOR freak 1.0 runtime detection - icq notification (backdoor.rules) 6072 <-> BACKDOOR freak 1.0 runtime detection - initial connection client-to-server (backdoor.rules) 6073 <-> BACKDOOR freak 1.0 runtime detection - initial connection server-to-client (backdoor.rules) 6074 <-> BACKDOOR xhx 1.6 runtime detection - initial connection client-to-server (backdoor.rules) 6075 <-> BACKDOOR xhx 1.6 runtime detection - initial connection server-to-client (backdoor.rules) 6076 <-> BACKDOOR amiboide uploader runtime detection - init connection (backdoor.rules) 6077 <-> BACKDOOR autospy runtime detection - get information (backdoor.rules) 6078 <-> BACKDOOR autospy runtime detection - get information (backdoor.rules) 6079 <-> BACKDOOR autospy 
runtime detection - show autospy (backdoor.rules) 6080 <-> BACKDOOR autospy runtime detection - show autospy (backdoor.rules) 6081 <-> BACKDOOR autospy runtime detection - show nude pic (backdoor.rules) 6082 <-> BACKDOOR autospy runtime detection - show nude pic (backdoor.rules) 6083 <-> BACKDOOR autospy runtime detection - hide taskbar (backdoor.rules) 6084 <-> BACKDOOR autospy runtime detection - hide taskbar (backdoor.rules) 6085 <-> BACKDOOR autospy runtime detection - make directory (backdoor.rules) 6086 <-> BACKDOOR autospy runtime detection - make directory (backdoor.rules) 6087 <-> BACKDOOR a trojan 2.0 runtime detection (backdoor.rules) 6088 <-> BACKDOOR a trojan 2.0 runtime detection - init connection (backdoor.rules) 6089 <-> BACKDOOR a trojan 2.0 runtime detection (backdoor.rules) 6090 <-> BACKDOOR a trojan 2.0 runtime detection - get memory info (backdoor.rules) 6091 <-> BACKDOOR a trojan 2.0 runtime detection (backdoor.rules) 6092 <-> BACKDOOR a trojan 2.0 runtime detection - get harddisk info (backdoor.rules) 6093 <-> BACKDOOR a trojan 2.0 runtime detection (backdoor.rules) 6094 <-> BACKDOOR a trojan 2.0 runtime detection - get drive info (backdoor.rules) 6095 <-> BACKDOOR a trojan 2.0 runtime detection (backdoor.rules) 6096 <-> BACKDOOR a trojan 2.0 runtime detection - get system info (backdoor.rules) 6107 <-> BACKDOOR backage 3.1 runtime detection (backdoor.rules) 6108 <-> BACKDOOR dagger v1.1.40 runtime detection (backdoor.rules) 6109 <-> BACKDOOR dagger v1.1.40 runtime detection (backdoor.rules) 6110 <-> BACKDOOR forced entry v1.1 beta runtime detection (backdoor.rules) 6111 <-> BACKDOOR optix 1.32 runtime detection - init conn (backdoor.rules) 6112 <-> BACKDOOR optix 1.32 runtime detection - init conn (backdoor.rules) 6113 <-> BACKDOOR optix 1.32 runtime detection - init conn (backdoor.rules) 6114 <-> BACKDOOR optix 1.32 runtime detection - email notification (backdoor.rules) 6115 <-> BACKDOOR optix 1.32 runtime detection - icq notification 
(backdoor.rules) 6116 <-> BACKDOOR fore v1.0 beta runtime detection - init conn (backdoor.rules) 6117 <-> BACKDOOR fore v1.0 beta runtime detection - init conn (backdoor.rules) 6118 <-> BACKDOOR net runner runtime detection - initial connection client-to-server (backdoor.rules) 6119 <-> BACKDOOR net runner runtime detection - initial connection server-to-client (backdoor.rules) 6120 <-> BACKDOOR net runner runtime detection - download file client-to-server (backdoor.rules) 6121 <-> BACKDOOR net runner runtime detection - download file server-to-client (backdoor.rules) 6122 <-> BACKDOOR millenium v1.0 runtime detection (backdoor.rules) 6125 <-> BACKDOOR dkangel runtime detection - smtp (backdoor.rules) 6126 <-> BACKDOOR dkangel runtime detection - smtp (backdoor.rules) 6128 <-> BACKDOOR dkangel runtime detection - icmp echo reply client-to-server (backdoor.rules) 6129 <-> BACKDOOR chupacabra 1.0 runtime detection (backdoor.rules) 6130 <-> BACKDOOR chupacabra 1.0 runtime detection - get computer name (backdoor.rules) 6131 <-> BACKDOOR chupacabra 1.0 runtime detection (backdoor.rules) 6132 <-> BACKDOOR chupacabra 1.0 runtime detection - get user name (backdoor.rules) 6133 <-> BACKDOOR chupacabra 1.0 runtime detection - send messages (backdoor.rules) 6134 <-> BACKDOOR chupacabra 1.0 runtime detection - delete file (backdoor.rules) 6136 <-> BACKDOOR clindestine 1.0 runtime detection - capture big screen (backdoor.rules) 6137 <-> BACKDOOR clindestine 1.0 runtime detection - capture small screen (backdoor.rules) 6138 <-> BACKDOOR clindestine 1.0 runtime detection - get computer info (backdoor.rules) 6139 <-> BACKDOOR clindestine 1.0 runtime detection - get system directory (backdoor.rules) 6140 <-> BACKDOOR hellzaddiction v1.0e runtime detection - init conn (backdoor.rules) 6141 <-> BACKDOOR hellzaddiction v1.0e runtime detection - init conn (backdoor.rules) 6142 <-> BACKDOOR hellzaddiction v1.0e runtime detection - ftp open (backdoor.rules) 6143 <-> BACKDOOR dark 
connection inside v1.2 runtime detection (backdoor.rules) 6144 <-> BACKDOOR mantis runtime detection - sent notify option client-to-server 1 (backdoor.rules) 6145 <-> BACKDOOR mantis runtime detection - sent notify option server-to-client (backdoor.rules) 6146 <-> BACKDOOR mantis runtime detection - sent notify option client-to-server 2 (backdoor.rules) 6147 <-> BACKDOOR mantis runtime detection - go to address client-to-server (backdoor.rules) 6148 <-> BACKDOOR mantis runtime detection - go to address server-to-client (backdoor.rules) 6149 <-> BACKDOOR netcontrol v1.0.8 runtime detection (backdoor.rules) 6150 <-> BACKDOOR netcontrol v1.0.8 runtime detection (backdoor.rules) 6151 <-> BACKDOOR back attack v1.4 runtime detection (backdoor.rules) 6159 <-> BACKDOOR delirium of disorder runtime detection - enable keylogger (backdoor.rules) 6160 <-> BACKDOOR delirium of disorder runtime detection - stop keylogger (backdoor.rules) 6161 <-> BACKDOOR furax 1.0 b2 runtime detection (backdoor.rules) 6164 <-> BACKDOOR psyrat 1.0 runtime detection (backdoor.rules) 6165 <-> BACKDOOR psyrat 1.0 runtime detection (backdoor.rules) 6166 <-> BACKDOOR unicorn runtime detection - initial connection (backdoor.rules) 6167 <-> BACKDOOR unicorn runtime detection - set wallpaper client-to-server (backdoor.rules) 6168 <-> BACKDOOR unicorn runtime detection - set wallpaper server-to-client (backdoor.rules) 6169 <-> BACKDOOR digital rootbeer runtime detection (backdoor.rules) 6170 <-> BACKDOOR digital rootbeer runtime detection (backdoor.rules) 6171 <-> BACKDOOR cookie monster 0.24 runtime detection (backdoor.rules) 6172 <-> BACKDOOR cookie monster 0.24 runtime detection - get version info (backdoor.rules) 6173 <-> BACKDOOR cookie monster 0.24 runtime detection (backdoor.rules) 6174 <-> BACKDOOR cookie monster 0.24 runtime detection - file explorer (backdoor.rules) 6175 <-> BACKDOOR cookie monster 0.24 runtime detection - kill kernel (backdoor.rules) 6176 <-> BACKDOOR guptachar 2.0 runtime 
detection (backdoor.rules) 6177 <-> BACKDOOR ultimate destruction runtime detection - kill process client-to-server (backdoor.rules) 6178 <-> BACKDOOR ultimate destruction runtime detection - kill windows client-to-server (backdoor.rules) 6179 <-> BACKDOOR bladerunner 0.80 runtime detection (backdoor.rules) 6180 <-> BACKDOOR netraider 0.0 runtime detection (backdoor.rules) 6181 <-> BACKDOOR netraider 0.0 runtime detection (backdoor.rules) 6182 <-> CHAT IRC channel notice (chat.rules) 6285 <-> BACKDOOR antilamer 1.1 runtime detection - set flowbit (backdoor.rules) 6286 <-> BACKDOOR antilamer 1.1 runtime detection (backdoor.rules) 6287 <-> BACKDOOR fictional daemon 4.4 runtime detection - telent (backdoor.rules) 6288 <-> BACKDOOR fictional daemon 4.4 runtime detection - ftp (backdoor.rules) 6289 <-> BACKDOOR netspy runtime detection - command pattern client-to-server (backdoor.rules) 6290 <-> BACKDOOR netspy runtime detection - command pattern server-to-client (backdoor.rules) 6291 <-> BACKDOOR justjoke v2.6 runtime detection (backdoor.rules) 6292 <-> BACKDOOR joker ddos v1.0.1 runtime detection - initial connection (backdoor.rules) 6293 <-> BACKDOOR joker ddos v1.0.1 runtime detection - bomb - initial flowbit (backdoor.rules) 6294 <-> BACKDOOR joker ddos v1.0.1 runtime detection - bomb - second flowbit (backdoor.rules) 6295 <-> BACKDOOR joker ddos v1.0.1 runtime detection - bomb (backdoor.rules) 6296 <-> BACKDOOR insurrection 1.1.0 runtime detection - icq notification 1 (backdoor.rules) 6297 <-> BACKDOOR insurrection 1.1.0 runtime detection - icq notification 2 (backdoor.rules) 6298 <-> BACKDOOR insurrection 1.1.0 runtime detection - reverse connection (backdoor.rules) 6299 <-> BACKDOOR insurrection 1.1.0 runtime detection - initial connection (backdoor.rules) 6300 <-> BACKDOOR cia 1.3 runtime detection - icq notification (backdoor.rules) 6301 <-> BACKDOOR cia 1.3 runtime detection - smtp notification (backdoor.rules) 6302 <-> BACKDOOR cia runtime detection - 
initial connection - set flowbit (backdoor.rules) 6303 <-> BACKDOOR cia runtime detection - initial connection (backdoor.rules) 6304 <-> BACKDOOR softwar shadowthief runtime detection - initial connection - set flowbit (backdoor.rules) 6305 <-> BACKDOOR softwar shadowthief runtime detection - initial connection (backdoor.rules) 6306 <-> BACKDOOR shit heep runtime detection (backdoor.rules) 6307 <-> BACKDOOR lamespy runtime detection - initial connection - set flowbit (backdoor.rules) 6308 <-> BACKDOOR lamespy runtime detection - initial connection (backdoor.rules) 6309 <-> BACKDOOR net demon runtime detection - initial connection - password request (backdoor.rules) 6310 <-> BACKDOOR net demon runtime detection - initial connection - password send (backdoor.rules) 6311 <-> BACKDOOR net demon runtime detection - initial connection - password accepted (backdoor.rules) 6312 <-> BACKDOOR net demon runtime detection - message send (backdoor.rules) 6313 <-> BACKDOOR net demon runtime detection - message response (backdoor.rules) 6314 <-> BACKDOOR net demon runtime detection - open browser request (backdoor.rules) 6315 <-> BACKDOOR net demon runtime detection - open browser response (backdoor.rules) 6316 <-> BACKDOOR net demon runtime detection - file manager request (backdoor.rules) 6317 <-> BACKDOOR net demon runtime detection - file manager response (backdoor.rules) 6318 <-> BACKDOOR rtb666 runtime detection (backdoor.rules) 6319 <-> BACKDOOR evilftp runtime detection - init connection (backdoor.rules) 6323 <-> BACKDOOR 3xBackdoor runtime detection - set flowbit (backdoor.rules) 6324 <-> BACKDOOR 3xBackdoor runtime detection (backdoor.rules) 6325 <-> BACKDOOR fucktrojan 1.2 runtime detection - initial connection (backdoor.rules) 6326 <-> BACKDOOR fucktrojan 1.2 runtime detection - flood (backdoor.rules) 6327 <-> BACKDOOR fucktrojan 1.2 runtime detection - flood (backdoor.rules) 6328 <-> BACKDOOR commando runtime detection - initial connection (backdoor.rules) 6329 <-> 
BACKDOOR commando runtime detection - chat client-to-server (backdoor.rules) 6330 <-> BACKDOOR commando runtime detection - chat server-to-client (backdoor.rules) 6331 <-> BACKDOOR globalkiller1.0 runtime detection - notification (backdoor.rules) 6332 <-> BACKDOOR globalkiller1.0 runtime detection - initial connection (backdoor.rules) 6333 <-> BACKDOOR wincrash 2.0 runtime detection (backdoor.rules) 6334 <-> BACKDOOR backlash runtime detection (backdoor.rules) 6335 <-> BACKDOOR buttman v0.9p runtime detection - remote control - set flowbit (backdoor.rules) 6336 <-> BACKDOOR buttman v0.9p runtime detection - remote control (backdoor.rules) 6337 <-> BACKDOOR hatredfriend file manage command - set flowbit (backdoor.rules) 6338 <-> BACKDOOR hatredfriend file manage command (backdoor.rules) 6339 <-> BACKDOOR hatredfriend email notification detection (backdoor.rules) 6395 <-> BACKDOOR a-311 death runtime detection - initial connection server-to-client (backdoor.rules) 6396 <-> BACKDOOR a-311 death user-agent string detected (backdoor.rules) 6397 <-> BACKDOOR http rat runtime detection - smtp (backdoor.rules) 6398 <-> BACKDOOR http rat runtime detection - http (backdoor.rules) 6399 <-> BACKDOOR rad 1.2.3 runtime detection (backdoor.rules) 6400 <-> BACKDOOR snowdoor runtime detection client-to-server (backdoor.rules) 6401 <-> BACKDOOR snowdoor runtime detection server-to-client (backdoor.rules) 6402 <-> BACKDOOR netangel connection client-to-server (backdoor.rules) 6414 <-> WEB-MISC Novell GroupWise Messenger Accept-Language header buffer overflow attempt (web-misc.rules) 6467 <-> CHAT jabber traffic detected (chat.rules) 6468 <-> CHAT jabber file transfer request (chat.rules) 6472 <-> BACKDOOR bugs runtime detection - file manager client-to-server (backdoor.rules) 6473 <-> BACKDOOR bugs runtime detection - file manager server-to-client (backdoor.rules) 6474 <-> BACKDOOR w32.loosky.gen@mm runtime detection - notification (backdoor.rules) 6475 <-> BACKDOOR badrat 1.1 
runtime detection - flowbit set (backdoor.rules) 6476 <-> BACKDOOR badrat 1.1 runtime detection (backdoor.rules) 6497 <-> BACKDOOR exploiter 1.0 runtime detection (backdoor.rules) 6498 <-> BACKDOOR exploiter 1.0 runtime detection (backdoor.rules) 6499 <-> BACKDOOR omerta 1.3 runtime detection (backdoor.rules) 6500 <-> BACKDOOR omerta 1.3 runtime detection (backdoor.rules) 6501 <-> BACKDOOR omerta 1.3 runtime detection (backdoor.rules) 7021 <-> DOS linux kernel SCTP chunkless packet denial of service attempt (dos.rules) 7057 <-> BACKDOOR charon runtime detection - initial connection (backdoor.rules) 7058 <-> BACKDOOR charon runtime detection - download file flowbit 1 (backdoor.rules) 7059 <-> BACKDOOR charon runtime detection - download file/log flowbit 2 (backdoor.rules) 7060 <-> BACKDOOR charon runtime detection - download file/log (backdoor.rules) 7061 <-> BACKDOOR charon runtime detection - download log flowbit 1 (backdoor.rules) 7064 <-> BACKDOOR cybernetic 1.62 runtime detection - email notification (backdoor.rules) 7065 <-> BACKDOOR cybernetic 1.62 runtime detection - reverse connection flowbit 1 (backdoor.rules) 7066 <-> BACKDOOR cybernetic 1.62 runtime detection - reverse connection flowbit 1 (backdoor.rules) 7067 <-> BACKDOOR cybernetic 1.62 runtime detection - reverse connection (backdoor.rules) 7072 <-> BACKDOOR fraggle rock 2.0 lite runtime detection - pc info (backdoor.rules) 7073 <-> BACKDOOR w32.dumaru.gen@mm runtime detection - notification (backdoor.rules) 7074 <-> BACKDOOR w32.dumaru.gen@mm runtime detection - cmd (backdoor.rules) 7075 <-> BACKDOOR bandook 1.0 runtime detection (backdoor.rules) 7076 <-> BACKDOOR minimo v0.6 runtime detection - cgi notification (backdoor.rules) 7077 <-> BACKDOOR minimo v0.6 runtime detection - icq notification (backdoor.rules) 7078 <-> BACKDOOR up and run v1.0 beta runtime detection flowbit 1 (backdoor.rules) 7079 <-> BACKDOOR up and run v1.0 beta runtime detection flowbit 2 (backdoor.rules) 7080 <-> BACKDOOR up 
and run v1.0 beta runtime detection flowbit 3 (backdoor.rules)
7081 <-> BACKDOOR up and run v1.0 beta runtime detection (backdoor.rules)
7082 <-> BACKDOOR mosucker3.0 runtime detection - client-to-server (backdoor.rules)
7083 <-> BACKDOOR mosucker3.0 runtime detection - server-to-client1 (backdoor.rules)
7084 <-> BACKDOOR erazer v1.1 runtime detection - sin notification (backdoor.rules)
7085 <-> BACKDOOR erazer v1.1 runtime detection (backdoor.rules)
7086 <-> BACKDOOR erazer v1.1 runtime detection - init connection (backdoor.rules)
7087 <-> BACKDOOR sinique 1.0 runtime detection - intial connection with correct password client-to-server (backdoor.rules)
7088 <-> BACKDOOR sinique 1.0 runtime detection - intial connection with correct password server-to-client (backdoor.rules)
7089 <-> BACKDOOR sinique 1.0 runtime detection - intial connection with wrong password -client-to-server (backdoor.rules)
7090 <-> BACKDOOR sinique 1.0 runtime detection - intial connection with wrong password server-to-client (backdoor.rules)
7091 <-> BACKDOOR serveme runtime detection (backdoor.rules)
7096 <-> BACKDOOR remote hack 1.5 runtime detection - logon (backdoor.rules)
7097 <-> BACKDOOR remote hack 1.5 runtime detection - execute file (backdoor.rules)
7098 <-> BACKDOOR remote hack 1.5 runtime detection - get password (backdoor.rules)
7099 <-> BACKDOOR remote hack 1.5 runtime detection - start keylogger (backdoor.rules)
7101 <-> BACKDOOR gwboy 0.92 runtime detection (backdoor.rules)
7102 <-> BACKDOOR gwboy 0.92 runtime detection (backdoor.rules)
7103 <-> BACKDOOR gwboy 0.92 runtime detection - init connection (backdoor.rules)
7104 <-> BACKDOOR aol admin runtime detection (backdoor.rules)
7105 <-> BACKDOOR aol admin runtime detection (backdoor.rules)
7108 <-> BACKDOOR undetected runtime detection (backdoor.rules)
7111 <-> BACKDOOR fearless lite 1.01 runtime detection (backdoor.rules)
7112 <-> BACKDOOR fearless lite 1.01 runtime detection (backdoor.rules)
7113 <-> BACKDOOR donalddick v1.5b3 runtime detection (backdoor.rules)
7114 <-> BACKDOOR donalddick v1.5b3 runtime detection (backdoor.rules)
7115 <-> BACKDOOR ghost 2.3 runtime detection (backdoor.rules)
7116 <-> BACKDOOR y3k 1.2 runtime detection - icq notification (backdoor.rules)
7118 <-> BACKDOOR y3k 1.2 runtime detection - user-agent string detected (backdoor.rules)
7604 <-> BACKDOOR katux 2.0 runtime detection - screen capture - flowbit set (backdoor.rules)
7605 <-> BACKDOOR katux 2.0 runtime detection - screen capture (backdoor.rules)
7606 <-> BACKDOOR katux 2.0 runtime detection - get system info - flowbit set (backdoor.rules)
7607 <-> BACKDOOR katux 2.0 runtime detection - get system info (backdoor.rules)
7608 <-> BACKDOOR katux 2.0 runtime detection - chat - flowbit set (backdoor.rules)
7609 <-> BACKDOOR katux 2.0 runtime detection - chat (backdoor.rules)
7610 <-> BACKDOOR flux 1.0 runtime detection - initial connection - flowbit 1 (backdoor.rules)
7611 <-> BACKDOOR flux 1.0 runtime detection - initial connection - flowbit 2 (backdoor.rules)
7612 <-> BACKDOOR flux 1.0 runtime detection - initial connection - flowbit 3 (backdoor.rules)
7613 <-> BACKDOOR flux 1.0 runtime detection - successful initial connection (backdoor.rules)
7614 <-> BACKDOOR flux 1.0 runtime detection - keep alive - flowbit set (backdoor.rules)
7615 <-> BACKDOOR flux 1.0 runtime detection - keep alive (backdoor.rules)
7616 <-> BACKDOOR theef 2.0 runtime detection - connection without password (backdoor.rules)
7617 <-> BACKDOOR theef 2.0 runtime detection - connection request with password - flowbit 1 (backdoor.rules)
7618 <-> BACKDOOR theef 2.0 runtime detection - connection request with password - flowbit 2 (backdoor.rules)
7619 <-> BACKDOOR theef 2.0 runtime detection - connection request with password (backdoor.rules)
7620 <-> BACKDOOR remote control 1.7 runtime detection - connection request flowbit 1 (backdoor.rules)
7621 <-> BACKDOOR remote control 1.7 runtime detection - connection request - flowbit 2 (backdoor.rules)
7622 <-> BACKDOOR remote control 1.7 runtime detection - connection request - flowbit 3 (backdoor.rules)
7623 <-> BACKDOOR remote control 1.7 runtime detection - connection request (backdoor.rules)
7624 <-> BACKDOOR remote control 1.7 runtime detection - data communication (backdoor.rules)
7625 <-> BACKDOOR skyrat show runtime detection - initial connection - flowbit 1 (backdoor.rules)
7626 <-> BACKDOOR skyrat show runtime detection - initial connection - flowbit 2 (backdoor.rules)
7627 <-> BACKDOOR skyrat show runtime detection - initial connection - flowbit 3 (backdoor.rules)
7628 <-> BACKDOOR skyrat show runtime detection - initial connection - flowbit 4 (backdoor.rules)
7629 <-> BACKDOOR skyrat show runtime detection - initial connection (backdoor.rules)
7630 <-> BACKDOOR helios 3.1 runtime detection - initial connection (backdoor.rules)
7631 <-> BACKDOOR hornet 1.0 runtime detection - fetch system info - flowbit set (backdoor.rules)
7632 <-> BACKDOOR hornet 1.0 runtime detection - fetch system info (backdoor.rules)
7633 <-> BACKDOOR hornet 1.0 runtime detection - irc connection - flowbit set (backdoor.rules)
7634 <-> BACKDOOR hornet 1.0 runtime detection - irc connection (backdoor.rules)
7635 <-> BACKDOOR hornet 1.0 runtime detection - fetch process list - flowbit set (backdoor.rules)
7636 <-> BACKDOOR hornet 1.0 runtime detection - fetch processes list (backdoor.rules)
7637 <-> BACKDOOR hornet 1.0 runtime detection - icq notification (backdoor.rules)
7638 <-> BACKDOOR ncph runtime detection - initial connection (backdoor.rules)
7639 <-> BACKDOOR air runtime detection - php notification (backdoor.rules)
7640 <-> BACKDOOR air runtime detection - webmail notification (backdoor.rules)
7641 <-> BACKDOOR am remote client runtime detection - client-to-server (backdoor.rules)
7642 <-> BACKDOOR am remote client runtime detection - server-to-client (backdoor.rules)
7643 <-> BACKDOOR netcontrol takeover runtime detection (backdoor.rules)
7644 <-> BACKDOOR ullysse runtime detection - client-to-server (backdoor.rules)
7645 <-> BACKDOOR snipernet 2.1 runtime detection - flowbit set (backdoor.rules)
7646 <-> BACKDOOR snipernet 2.1 runtime detection (backdoor.rules)
7647 <-> BACKDOOR minicom lite runtime detection - udp (backdoor.rules)
7648 <-> BACKDOOR minicom lite runtime detection - client-to-server (backdoor.rules)
7649 <-> BACKDOOR minicom lite runtime detection - server-to-client (backdoor.rules)
7650 <-> BACKDOOR small uploader 1.01 runtime detection - initial connection - flowbit set (backdoor.rules)
7651 <-> BACKDOOR small uploader 1.01 runtime detection - initial connection (backdoor.rules)
7652 <-> BACKDOOR small uploader 1.01 runtime detection - get server information - flowbit set (backdoor.rules)
7653 <-> BACKDOOR small uploader 1.01 runtime detection - get server information (backdoor.rules)
7654 <-> BACKDOOR small uploader 1.01 runtime detection - remote shell - flowbit set (backdoor.rules)
7655 <-> BACKDOOR small uploader 1.01 runtime detection - remote shell (backdoor.rules)
7656 <-> BACKDOOR diems mutter runtime detection - client-to-server (backdoor.rules)
7657 <-> BACKDOOR diems mutter runtime detection - server-to-client (backdoor.rules)
7658 <-> BACKDOOR jodeitor 1.1 runtime detection - initial connection (backdoor.rules)
7659 <-> BACKDOOR lan filtrator 1.1 runtime detection - sin notification (backdoor.rules)
7660 <-> BACKDOOR lan filtrator 1.1 runtime detection - initial connection request - flowbit set (backdoor.rules)
7661 <-> BACKDOOR lan filtrator 1.1 runtime detection - initial connection request (backdoor.rules)
7662 <-> BACKDOOR snid x2 v1.2 runtime detection - initial connection - flowbit set (backdoor.rules)
7663 <-> BACKDOOR snid x2 v1.2 runtime detection - initial connection (backdoor.rules)
7664 <-> BACKDOOR screen control 1.0 runtime detection - flowbit set (backdoor.rules)
7665 <-> BACKDOOR screen control 1.0 runtime detection - initial connection (backdoor.rules)
7667 <-> BACKDOOR screen control 1.0 runtime detection - capture on port 2208 (backdoor.rules)
7668 <-> BACKDOOR screen control 1.0 runtime detection - capture on port 2213 - flowbit set (backdoor.rules)
7669 <-> BACKDOOR screen control 1.0 runtime detection - capture on port 2213 (backdoor.rules)
7670 <-> BACKDOOR digital upload runtime detection - initial connection (backdoor.rules)
7671 <-> BACKDOOR digital upload runtime detection - chat (backdoor.rules)
7672 <-> BACKDOOR remoter runtime detection - initial connection (backdoor.rules)
7673 <-> BACKDOOR remote havoc runtime detection - flowbit set 1 (backdoor.rules)
7674 <-> BACKDOOR remote havoc runtime detection - flowbit set 2 (backdoor.rules)
7675 <-> BACKDOOR remote havoc runtime detection (backdoor.rules)
7676 <-> BACKDOOR cool remote control or crackdown runtime detection - initial connection - flowbit set (backdoor.rules)
7677 <-> BACKDOOR cool remote control or crackdown runtime detection - initial connection (backdoor.rules)
7678 <-> BACKDOOR cool remote control 1.12 runtime detection - upload file - flowbit set (backdoor.rules)
7679 <-> BACKDOOR cool remote control 1.12 runtime detection - upload file (backdoor.rules)
7680 <-> BACKDOOR cool remote control 1.12 runtime detection - download file - flowbit set (backdoor.rules)
7681 <-> BACKDOOR cool remote control 1.12 runtime detection - download file (backdoor.rules)
7682 <-> BACKDOOR acid head 1.00 runtime detection - flowbit set (backdoor.rules)
7683 <-> BACKDOOR acid head 1.00 runtime detection (backdoor.rules)
7684 <-> BACKDOOR hrat 1.0 runtime detection (backdoor.rules)
7685 <-> BACKDOOR illusion runtime detection - get remote info client-to-server (backdoor.rules)
7686 <-> BACKDOOR illusion runtime detection - get remote info server-to-client (backdoor.rules)
7687 <-> BACKDOOR illusion runtime detection - file browser client-to-server (backdoor.rules)
7688 <-> BACKDOOR illusion runtime detection - file browser server-to-client (backdoor.rules)
7689 <-> BACKDOOR evade runtime detection - initial connection (backdoor.rules)
7690 <-> BACKDOOR evade runtime detection - file manager - flowbit set (backdoor.rules)
7691 <-> BACKDOOR evade runtime detection - file manager (backdoor.rules)
7692 <-> BACKDOOR exception 1.0 runtime detection - notification (backdoor.rules)
7693 <-> BACKDOOR exception 1.0 runtime detection - intial connection client-to-server (backdoor.rules)
7694 <-> BACKDOOR exception 1.0 runtime detection - intial connection server-to-client (backdoor.rules)
7695 <-> BACKDOOR hanky panky 1.1 runtime detection - initial connection - flowbit set 1 (backdoor.rules)
7696 <-> BACKDOOR hanky panky 1.1 runtime detection - initial connection - flowbit set 2 (backdoor.rules)
7697 <-> BACKDOOR hanky panky 1.1 runtime detection - initial connection (backdoor.rules)
7698 <-> BACKDOOR brain wiper runtime detection - launch application - flowbit set (backdoor.rules)
7699 <-> BACKDOOR brain wiper runtime detection - launch application (backdoor.rules)
7700 <-> BACKDOOR brain wiper runtime detection - chat - flowbit set (backdoor.rules)
7701 <-> BACKDOOR brain wiper runtime detection - chat (backdoor.rules)
7702 <-> BACKDOOR roach 1.0 runtime detection - remote control actions - flowbit set (backdoor.rules)
7703 <-> BACKDOOR roach 1.0 runtime detection - remote control actions (backdoor.rules)
7704 <-> BACKDOOR roach 1.0 server installation notification - email (backdoor.rules)
7705 <-> BACKDOOR omniquad instant remote control runtime detection - initial connection - flowbit set (backdoor.rules)
7706 <-> BACKDOOR omniquad instant remote control runtime detection - initial connection (backdoor.rules)
7707 <-> BACKDOOR omniquad instant remote control runtime detection - file transfer setup (backdoor.rules)
7708 <-> BACKDOOR fear1.5/aciddrop1.0 runtime detection - initial connection - flowbit set (backdoor.rules)
7709 <-> BACKDOOR fear1.5/aciddrop1.0 runtime detection - initial connection - flowbit set (backdoor.rules)
7710 <-> BACKDOOR fear1.5/aciddrop1.0 runtime detection - initial connection (backdoor.rules)
7711 <-> BACKDOOR amitis runtime command detection attacker to victim (backdoor.rules)
7712 <-> BACKDOOR amitis runtime detection victim to attacker (backdoor.rules)
7713 <-> BACKDOOR amitis v1.3 runtime detection - email notification (backdoor.rules)
7714 <-> BACKDOOR netdevil runtime detection - flowbit set 1 (backdoor.rules)
7715 <-> BACKDOOR netdevil runtime detection - flowbit set 2 (backdoor.rules)
7716 <-> BACKDOOR netdevil runtime detection (backdoor.rules)
7717 <-> BACKDOOR snake trojan runtime detection (backdoor.rules)
7718 <-> BACKDOOR dameware mini remote control runtime detection - initial connection - flowbit set (backdoor.rules)
7719 <-> BACKDOOR dameware mini remote control runtime detection - initial connection (backdoor.rules)
7720 <-> BACKDOOR desktop scout runtime detection (backdoor.rules)
7721 <-> BACKDOOR prorat 1.9 initial connection detection (backdoor.rules)
7722 <-> BACKDOOR prorat 1.9 cgi notification detection (backdoor.rules)
7723 <-> BACKDOOR wollf runtime detection (backdoor.rules)
7724 <-> BACKDOOR reversable ver1.0 runtime detection - initial connection - flowbit set (backdoor.rules)
7725 <-> DELETED BACKDOOR reversable ver1.0 runtime detection - initial connection (deleted.rules)
7726 <-> BACKDOOR reversable ver1.0 runtime detection - execute command - flowbit set (backdoor.rules)
7727 <-> BACKDOOR reversable ver1.0 runtime detection - execute command (backdoor.rules)
7728 <-> BACKDOOR radmin runtime detection - client-to-server (backdoor.rules)
7729 <-> BACKDOOR radmin runtime detection - server-to-client (backdoor.rules)
7730 <-> BACKDOOR outbreak_0.2.7 runtime detection - reverse connection (backdoor.rules)
7731 <-> BACKDOOR outbreak_0.2.7 runtime detection - ring server-to-client (backdoor.rules)
7732 <-> BACKDOOR outbreak_0.2.7 runtime detection - ring client-to-server (backdoor.rules)
7733 <-> BACKDOOR outbreak_0.2.7 runtime detection - initial connection (backdoor.rules)
7734 <-> BACKDOOR bionet 4.05 runtime detection - initial connection - flowbit set (backdoor.rules)
7735 <-> BACKDOOR bionet 4.05 runtime detection - initial connection (backdoor.rules)
7736 <-> BACKDOOR bionet 4.05 runtime detection - file manager - flowbit set (backdoor.rules)
7737 <-> BACKDOOR bionet 4.05 runtime detection - file manager (backdoor.rules)
7738 <-> BACKDOOR alexmessomalex runtime detection - initial connection (backdoor.rules)
7739 <-> BACKDOOR alexmessomalex runtime detection - grab (backdoor.rules)
7740 <-> BACKDOOR nova 1.0 runtime detection - initial connection with pwd set - flowbit set (backdoor.rules)
7741 <-> BACKDOOR nova 1.0 runtime detection - initial connection with pwd set (backdoor.rules)
7742 <-> BACKDOOR nova 1.0 runtime detection - cgi notification client-to-server (backdoor.rules)
7743 <-> BACKDOOR nova 1.0 runtime detection - cgi notification server-to-client (backdoor.rules)
7744 <-> BACKDOOR phoenix 2.1 runtime detection - flowbit set (backdoor.rules)
7745 <-> BACKDOOR phoenix 2.1 runtime detection (backdoor.rules)
7746 <-> BACKDOOR bobo 1.0 runtime detection - initial connection - flowbit set (backdoor.rules)
7747 <-> BACKDOOR bobo 1.0 runtime detection - initial connection (backdoor.rules)
7748 <-> BACKDOOR bobo 1.0 runtime detection - send message - flowbit set (backdoor.rules)
7749 <-> BACKDOOR bobo 1.0 runtime detection - send message (backdoor.rules)
7750 <-> BACKDOOR buschtrommel 1.22 runtime detection - initial connection - flowbit set 1 (backdoor.rules)
7751 <-> BACKDOOR buschtrommel 1.22 runtime detection - initial connection - flowbit set 2 (backdoor.rules)
7752 <-> BACKDOOR buschtrommel 1.22 runtime detection - initial connection (backdoor.rules)
7753 <-> BACKDOOR buschtrommel 1.22 runtime detection - spy function - flowbit set 1 (backdoor.rules)
7754 <-> BACKDOOR buschtrommel 1.22 runtime detection - spy function - flowbit set 2 (backdoor.rules)
7755 <-> BACKDOOR buschtrommel 1.22 runtime detection - spy function (backdoor.rules)
7756 <-> BACKDOOR beast 2.02 runtime detection - initial connection - flowbit set (backdoor.rules)
7757 <-> BACKDOOR beast 2.02 runtime detection - initial connection (backdoor.rules)
7758 <-> BACKDOOR glacier runtime detection - initial connection and directory browse (backdoor.rules)
7759 <-> BACKDOOR glacier runtime detection - screen capture (backdoor.rules)
7760 <-> BACKDOOR netthief runtime detection (backdoor.rules)
7761 <-> BACKDOOR analftp 0.1 runtime detection - initial connection (backdoor.rules)
7762 <-> BACKDOOR analftp 0.1 runtime detection - icq notification (backdoor.rules)
7763 <-> BACKDOOR nt remote controller 2000 runtime detection - services client-to-server (backdoor.rules)
7764 <-> BACKDOOR nt remote controller 2000 runtime detection - sysinfo client-to-server (backdoor.rules)
7765 <-> BACKDOOR nt remote controller 2000 runtime detection - sysinfo server-to-client (backdoor.rules)
7766 <-> BACKDOOR nt remote controller 2000 runtime detection - foldermonitor client-to-server (backdoor.rules)
7767 <-> BACKDOOR nt remote controller 2000 runtime detection - foldermonitor server-to-client (backdoor.rules)
7768 <-> BACKDOOR data rape runtime detection - execute program client-to-server (backdoor.rules)
7769 <-> BACKDOOR data rape runtime detection - execute program server-to-client (backdoor.rules)
7770 <-> BACKDOOR messiah 4.0 runtime detection - get server info - flowbit set (backdoor.rules)
7771 <-> BACKDOOR messiah 4.0 runtime detection - get server info (backdoor.rules)
7772 <-> BACKDOOR messiah 4.0 runtime detection - enable keylogger - flowbit set (backdoor.rules)
7773 <-> BACKDOOR messiah 4.0 runtime detection - enable keylogger (backdoor.rules)
7774 <-> BACKDOOR messiah 4.0 runtime detection - screen capture - flowbit set (backdoor.rules)
7775 <-> BACKDOOR messiah 4.0 runtime detection - screen capture (backdoor.rules)
7776 <-> BACKDOOR messiah 4.0 runtime detection - get drives - flowbit set (backdoor.rules)
7777 <-> BACKDOOR messiah 4.0 runtime detection - get drives (backdoor.rules)
7778 <-> BACKDOOR elfrat runtime detection - initial connection (backdoor.rules)
7782 <-> BACKDOOR netdevil runtime detection - file manager - flowbit set (backdoor.rules)
7783 <-> BACKDOOR netdevil runtime detection - file manager (backdoor.rules)
7784 <-> BACKDOOR forced control uploader runtime detection - connection with password - flowbit set (backdoor.rules)
7785 <-> BACKDOOR forced control uploader runtime detection - connection with password (backdoor.rules)
7786 <-> BACKDOOR forced control uploader runtime detection directory listing - flowbit set 1 (backdoor.rules)
7787 <-> BACKDOOR forced control uploader runtime detection directory listing - flowbit set 2 (backdoor.rules)
7788 <-> BACKDOOR forced control uploader runtime detection directory listing - flowbit set 3 (backdoor.rules)
7789 <-> BACKDOOR forced control uploader runtime detection directory listing - flowbit set 4 (backdoor.rules)
7790 <-> BACKDOOR forced control uploader runtime detection directory listing (backdoor.rules)
7791 <-> BACKDOOR remote anything 5.11.22 runtime detection - victim response (backdoor.rules)
7792 <-> BACKDOOR remote anything 5.11.22 runtime detection - chat with victim (backdoor.rules)
7793 <-> BACKDOOR remote anything 5.11.22 runtime detection - chat with attacker (backdoor.rules)
7794 <-> BACKDOOR fraggle rock 2.0 lite runtime detection - pc info - flowbit set (backdoor.rules)
7795 <-> BACKDOOR incommand 1.7 runtime detection - init connection (backdoor.rules)
7796 <-> BACKDOOR incommand 1.7 runtime detection - init connection (backdoor.rules)
7797 <-> BACKDOOR incommand 1.7 runtime detection - file manage 1 (backdoor.rules)
7798 <-> BACKDOOR incommand 1.7 runtime detection - file manage 1 (backdoor.rules)
7799 <-> BACKDOOR incommand 1.7 runtime detection - file manage 2 (backdoor.rules)
7800 <-> BACKDOOR incommand 1.7 runtime detection - file manage 2 (backdoor.rules)
7803 <-> BACKDOOR war trojan ver1.0 runtime detection - send messages (backdoor.rules)
7804 <-> BACKDOOR war trojan ver1.0 runtime detection - disable ctrl+alt+del (backdoor.rules)
7805 <-> BACKDOOR war trojan ver1.0 runtime detection - ie hijacker (backdoor.rules)
7806 <-> BACKDOOR fatal wound 1.0 runtime detection - initial connection (backdoor.rules)
7807 <-> BACKDOOR fatal wound 1.0 runtime detection - execute file (backdoor.rules)
7808 <-> BACKDOOR fatal wound 1.0 runtime detection - upload (backdoor.rules)
7809 <-> BACKDOOR fatal wound 1.0 runtime detection - upload (backdoor.rules)
7810 <-> BACKDOOR nuclear uploader 1.0 runtime detection (backdoor.rules)
7811 <-> BACKDOOR abacab runtime detection - telnet initial (backdoor.rules)
7812 <-> BACKDOOR abacab runtime detection - banner (backdoor.rules)
7813 <-> BACKDOOR darkmoon initial connection detection - cts (backdoor.rules)
7814 <-> BACKDOOR darkmoon initial connection detection - stc (backdoor.rules)
7815 <-> BACKDOOR darkmoon reverse connection detection - stc (backdoor.rules)
7816 <-> BACKDOOR darkmoon reverse connection detection - cts (backdoor.rules)
7817 <-> BACKDOOR infector v1.0 runtime detection - init conn (backdoor.rules)
7818 <-> BACKDOOR infector v1.0 runtime detection - init conn (backdoor.rules)
7819 <-> BACKDOOR nightcreature beta 0.01 runtime detection (backdoor.rules)
7820 <-> BACKDOOR nightcreature beta 0.01 runtime detection (backdoor.rules)
7821 <-> BACKDOOR nightcreature beta 0.01 runtime detection (backdoor.rules)
7822 <-> BACKDOOR xbkdr runtime detection (backdoor.rules)
7960 <-> DELETED WEB-CLIENT mk Asychronous Pluggable Protocol Handler ActiveX CLSID access (deleted.rules)
7961 <-> DELETED WEB-CLIENT mk Asychronous Pluggable Protocol Handler ActiveX CLSID unicode access (deleted.rules)
7962 <-> DELETED WEB-CLIENT mk Asychronous Pluggable Protocol Handler ActiveX CLSID access (deleted.rules)
7963 <-> DELETED WEB-CLIENT mk Asychronous Pluggable Protocol Handler ActiveX CLSID unicode access (deleted.rules)
7964 <-> DELETED WEB-CLIENT mk Asychronous Pluggable Protocol Handler ActiveX CLSID access (deleted.rules)
7965 <-> DELETED WEB-CLIENT mk Asychronous Pluggable Protocol Handler ActiveX CLSID unicode access (deleted.rules)
7966 <-> DELETED WEB-CLIENT mk Asychronous Pluggable Protocol Handler ActiveX CLSID access (deleted.rules)
7967 <-> DELETED WEB-CLIENT mk Asychronous Pluggable Protocol Handler ActiveX CLSID unicode access (deleted.rules)
7968 <-> DELETED WEB-CLIENT mk Asychronous Pluggable Protocol Handler ActiveX CLSID access (deleted.rules)
7969 <-> DELETED WEB-CLIENT mk Asychronous Pluggable Protocol Handler ActiveX CLSID unicode access (deleted.rules)
8060 <-> EXPLOIT UltraVNC VNCLog buffer overflow (exploit.rules)
8074 <-> BACKDOOR mithril runtime detection - init connection (backdoor.rules)
8075 <-> BACKDOOR mithril runtime detection - get system information (backdoor.rules)
8076 <-> BACKDOOR mithril runtime detection - get system information (backdoor.rules)
8077 <-> BACKDOOR mithril runtime detection - get process list (backdoor.rules)
8078 <-> BACKDOOR mithril runtime detection - get process list (backdoor.rules)
8079 <-> BACKDOOR x2a runtime detection - init connection (backdoor.rules)
8080 <-> BACKDOOR x2a runtime detection - client update (backdoor.rules)
8361 <-> BACKDOOR black curse 4.0 runtime detection - inverse init connection (backdoor.rules)
8362 <-> BACKDOOR black curse 4.0 runtime detection - normal init connection (backdoor.rules)
8432 <-> SMTP SSLv2 openssl get shared ciphers overflow attempt (smtp.rules)
8433 <-> SMTP SSLv2 openssl get shared ciphers overflow attempt (smtp.rules)
8434 <-> SMTP SSLv3 openssl get shared ciphers overflow attempt (smtp.rules)
8435 <-> SMTP SSLv3 openssl get shared ciphers overflow attempt (smtp.rules)
8436 <-> SMTP SSLv2 openssl get shared ciphers overflow attempt (smtp.rules)
8437 <-> SMTP SSLv2 openssl get shared ciphers overflow attempt (smtp.rules)
8438 <-> IMAP SSLv2 openssl get shared ciphers overflow attempt (imap.rules)
8439 <-> IMAP SSLv3 openssl get shared ciphers overflow attempt (imap.rules)
8470 <-> BACKDOOR superspy 2.0 beta runtime detection - get system info (backdoor.rules)
8471 <-> BACKDOOR superspy 2.0 beta runtime detection - get system info (backdoor.rules)
8472 <-> BACKDOOR superspy 2.0 beta runtime detection - screen capture (backdoor.rules)
8473 <-> BACKDOOR superspy 2.0 beta runtime detection - screen capture (backdoor.rules)
8474 <-> BACKDOOR superspy 2.0 beta runtime detection - processes/active windows manage (backdoor.rules)
8475 <-> BACKDOOR superspy 2.0 beta runtime detection - processes/active windows manage (backdoor.rules)
8476 <-> BACKDOOR superspy 2.0 beta runtime detection - file management (backdoor.rules)
8477 <-> BACKDOOR superspy 2.0 beta runtime detection - file management (backdoor.rules)
8479 <-> FTP HELP overflow attempt (ftp.rules)
8480 <-> FTP PORT overflow attempt (ftp.rules)
8481 <-> FTP Microsoft NLST * dos attempt (ftp.rules)
8547 <-> BACKDOOR zzmm 2.0 runtime detection - init connection (backdoor.rules)
8548 <-> BACKDOOR zzmm 2.0 runtime detection - init connection (backdoor.rules)
8549 <-> BACKDOOR zxshell runtime detection - setting information retrieve (backdoor.rules)
8702 <-> EXPLOIT IceCast header buffer overflow attempt (exploit.rules)
8703 <-> EXPLOIT IceCast header buffer overflow attempt (exploit.rules)
8709 <-> DNS Windows NAT helper components tcp denial of service attempt (dns.rules)
8730 <-> DOS record route rr denial of service attempt (dos.rules)
9325 <-> DOS Citrix IMA DOS event data length denial of service attempt (dos.rules)
9653 <-> BACKDOOR apofis 1.0 runtime detection - php notification (backdoor.rules)
9654 <-> BACKDOOR apofis 1.0 runtime detection - remote controlling (backdoor.rules)
9655 <-> BACKDOOR apofis 1.0 runtime detection - remote controlling (backdoor.rules)
9656 <-> BACKDOOR bersek 1.0 runtime detection (backdoor.rules)
9657 <-> BACKDOOR bersek 1.0 runtime detection - init connection (backdoor.rules)
9658 <-> BACKDOOR bersek 1.0 runtime detection (backdoor.rules)
9659 <-> BACKDOOR bersek 1.0 runtime detection - file manage (backdoor.rules)
9660 <-> BACKDOOR bersek 1.0 runtime detection (backdoor.rules)
9661 <-> BACKDOOR bersek 1.0 runtime detection - show processes (backdoor.rules)
9662 <-> BACKDOOR bersek 1.0 runtime detection (backdoor.rules)
9663 <-> BACKDOOR bersek 1.0 runtime detection - start remote shell (backdoor.rules)
9664 <-> BACKDOOR crossbow 1.12 runtime detection (backdoor.rules)
9665 <-> BACKDOOR crossbow 1.12 runtime detection - init connection (backdoor.rules)
9666 <-> BACKDOOR superra runtime detection - success init connection (backdoor.rules)
9667 <-> BACKDOOR superra runtime detection - issue remote control command (backdoor.rules)
9790 <-> EXPLOIT HP-UX lpd command execution attempt (exploit.rules)
9792 <-> FTP PASV overflow attempt (ftp.rules)
9832 <-> BACKDOOR ieva 1.0 runtime detection - send message (backdoor.rules)
9833 <-> BACKDOOR ieva 1.0 runtime detection - fake delete harddisk message (backdoor.rules)
9834 <-> BACKDOOR ieva 1.0 runtime detection - black screen (backdoor.rules)
9835 <-> BACKDOOR ieva 1.0 runtime detection - swap mouse (backdoor.rules)
9836 <-> BACKDOOR ieva 1.0 runtime detection - crazy mouse (backdoor.rules)
9837 <-> BACKDOOR sun shadow 1.70 runtime detection - init connection (backdoor.rules)
9838 <-> BACKDOOR sun shadow 1.70 runtime detection - init connection (backdoor.rules)
9839 <-> BACKDOOR sun shadow 1.70 runtime detection - keep alive (backdoor.rules)
9841 <-> SMTP Microsoft Outlook VEVENT overflow attempt (smtp.rules)
10010 <-> EXPLOIT Putty Server key exchange buffer overflow attempt (exploit.rules)
10011 <-> IMAP Novell NetMail APPEND command buffer overflow attempt (imap.rules)
10012 <-> SMTP Microsoft Outlook VEVENT non-TZID overflow attempt (smtp.rules)
10101 <-> BACKDOOR crossfires trojan 3.0 runtime detection - delete file (backdoor.rules)
10102 <-> BACKDOOR crossfires trojan 3.0 runtime detection - chat with victim (backdoor.rules)
10103 <-> BACKDOOR hav-rat 1.1 runtime detection (backdoor.rules)
10104 <-> BACKDOOR hav-rat 1.1 runtime detection (backdoor.rules)
10105 <-> BACKDOOR hav-rat 1.1 runtime detection - retrieve pc info (backdoor.rules)
10106 <-> DELETED BACKDOOR icmp cmd 1.0 runtime detection - download file (deleted.rules)
10107 <-> BACKDOOR icmp cmd 1.0 runtime detection - pslist (backdoor.rules)
10108 <-> BACKDOOR icmp cmd 1.0 runtime detection - pskill (backdoor.rules)
10109 <-> BACKDOOR k-msnrat 1.0.0 runtime detection - init connection (backdoor.rules)
10110 <-> BACKDOOR poison ivy 2.1.2 runtime detection (backdoor.rules)
10111 <-> BACKDOOR poison ivy 2.1.2 runtime detection - init connection (backdoor.rules)
10112 <-> BACKDOOR rix3 1.0 runtime detection - init connection (backdoor.rules)
10135 <-> DOS Squid proxy FTP denial of service attempt (dos.rules)
10168 <-> BACKDOOR one runtime detection (backdoor.rules)
10169 <-> BACKDOOR matrix 1.03 by mtronic runtime detection - init connection (backdoor.rules)
10184 <-> BACKDOOR wow 23 runtime detection (backdoor.rules)
10185 <-> BACKDOOR x-door runtime detection (backdoor.rules)
10195 <-> WEB-MISC Content-Length buffer overflow attempt (web-misc.rules)
10196 <-> BACKDOOR Wordpress backdoor feed.php code execution attempt (backdoor.rules)
10197 <-> BACKDOOR Wordpress backdoor theme.php code execution attempt (backdoor.rules)
10442 <-> BACKDOOR nirvana 2.0 runtime detection - explore c drive (backdoor.rules)
10443 <-> BACKDOOR acidbattery 1.0 runtime detection - sniff info (backdoor.rules)
10444 <-> BACKDOOR acidbattery 1.0 runtime detection - open ftp serice (backdoor.rules)
10445 <-> BACKDOOR acidbattery 1.0 runtime detection - get password (backdoor.rules)
10446 <-> BACKDOOR acidbattery 1.0 runtime detection - get server info (backdoor.rules)
10447 <-> BACKDOOR 51d 1b runtime detection - icq notification (backdoor.rules)
10448 <-> BACKDOOR acessor 2.0 runtime detection - init connection (backdoor.rules)
10449 <-> BACKDOOR acid shivers runtime detection - init telnet connection (backdoor.rules)
10450 <-> BACKDOOR only 1 rat runtime detection - control command (backdoor.rules)
10451 <-> BACKDOOR only 1 rat runtime detection - control command (backdoor.rules)
10452 <-> BACKDOOR only 1 rat runtime detection - icmp request (backdoor.rules)
10453 <-> BACKDOOR zalivator 1.4.2 pro runtime detection - smtp notification (backdoor.rules)
10454 <-> BACKDOOR [x]-ztoo 1.0 runtime detection - init connection (backdoor.rules)
10455 <-> BACKDOOR [x]-ztoo 1.0 runtime detection - get system info (backdoor.rules)
10456 <-> BACKDOOR [x]-ztoo 1.0 runtime detection - get system info (backdoor.rules)
10457 <-> BACKDOOR [x]-ztoo 1.0 runtime detection - start keylogger (backdoor.rules)
10458 <-> BACKDOOR [x]-ztoo 1.0 or illusion runtime detection - open file manager (backdoor.rules)
10459 <-> BACKDOOR wineggdrop shell pro runtime detection - init connection (backdoor.rules)
10460 <-> BACKDOOR winicabras 1.1 runtime detection - get system info (backdoor.rules)
10461 <-> BACKDOOR winicabras 1.1 runtime detection - get system info (backdoor.rules)
10462 <-> BACKDOOR winicabras 1.1 runtime detection - explorer (backdoor.rules)
10463 <-> BACKDOOR winicabras 1.1 runtime detection - explorer (backdoor.rules)
11185 <-> DOS CA eTrust key handling dos -- username (dos.rules)
11186 <-> DOS CA eTrust key handling dos -- password (dos.rules)
11263 <-> DOS Apache mod_ssl non-SSL connection to SSL port denial of service attempt (dos.rules)
11314 <-> BACKDOOR shadownet remote spy 2.0 runtime detection (backdoor.rules)
11315 <-> DELETED BACKDOOR ykw v375 runtime detection (deleted.rules)
11316 <-> BACKDOOR lurker 1.1 runtime detection - init connection (backdoor.rules)
11317 <-> BACKDOOR abremote pro 3.1 runtime detection - init connection (backdoor.rules)
11318 <-> BACKDOOR boer runtime detection - init connection (backdoor.rules)
11319 <-> BACKDOOR netwindow runtime detection - init connection request (backdoor.rules)
11320 <-> BACKDOOR netwindow runtime detection - reverse mode init connection request (backdoor.rules)
11322 <-> BACKDOOR sohoanywhere runtime detection (backdoor.rules)
11323 <-> BACKDOOR sohoanywhere runtime detection (backdoor.rules)
11968 <-> VOIP-SIP inbound INVITE message (voip.rules)
11969 <-> VOIP-SIP inbound 401 unauthorized message (voip.rules)
11970 <-> VOIP-SIP Cisco 7940/7960 INVITE Remote-Party-ID denial of service attempt (voip.rules)
11971 <-> VOIP-SIP CSeq buffer overflow attempt (voip.rules)
11972 <-> VOIP-SIP Max-Forwards value over 70 (voip.rules)
11973 <-> VOIP-SIP Via header hostname buffer overflow attempt (voip.rules)
11974 <-> VOIP-SIP response too small (voip.rules)
11975 <-> VOIP-SIP Via header missing SIP field (voip.rules)
11976 <-> VOIP-SIP overflow in URI type - SIP (voip.rules)
11977 <-> VOIP-SIP overflow in URI type - Tel (voip.rules)
11978 <-> VOIP-SIP from header field buffer overflow attempt (voip.rules)
11979 <-> VOIP-SIP oversized SDP media port (voip.rules)
11980 <-> VOIP-SIP SDP attribute buffer overflow attempt (voip.rules)
11981 <-> VOIP-SIP MultiTech INVITE field buffer overflow attempt (voip.rules)
11982 <-> VOIP-SIP recursive URL-encoded data in To header (voip.rules)
11983 <-> VOIP-SIP SDP negative time value (voip.rules)
11984 <-> VOIP-SIP SDP oversized time value (voip.rules)
11985 <-> VOIP-SIP Expires header overflow attempt (voip.rules)
11986 <-> VOIP-SIP invalid characters in authorization response parameter (voip.rules)
11987 <-> VOIP-SIP Via header format string attempt (voip.rules)
11988 <-> VOIP-SIP From header format string attempt (voip.rules)
11989 <-> VOIP-SIP Call-ID header format string attempt (voip.rules)
11990 <-> VOIP-SIP Contact header format string attempt (voip.rules)
11991 <-> VOIP-SIP CSeq header format string attempt (voip.rules)
11992 <-> VOIP-SIP Content-Type header format string attempt (voip.rules)
11993 <-> VOIP-SIP Call-ID header invalid characters detected (voip.rules)
11994 <-> VOIP-SIP Contact header invalid characters detected (voip.rules)
11995 <-> VOIP-SIP Content-Type header invalid characters detected (voip.rules)
11996 <-> VOIP-SIP CSeq header invalid characters detected (voip.rules)
11997 <-> VOIP-SIP From header invalid characters detected (voip.rules)
11998 <-> VOIP-SIP To header invalid characters detected (voip.rules)
11999 <-> VOIP-SIP Via header invalid characters detected (voip.rules)
12000 <-> VOIP-SIP INVITE invalid IP address (voip.rules)
12001 <-> VOIP-SIP SDP version overflow attempt (voip.rules)
12002 <-> VOIP-SIP BYE flood (voip.rules)
12003 <-> VOIP-SIP CANCEL flood (voip.rules)
12004 <-> VOIP-SIP INVITE message invalid Content-Length size of zero (voip.rules)
12005 <-> VOIP-SIP invalid SDP connection value (voip.rules)
12006 <-> VOIP-SIP outbound INVITE message (voip.rules)
12007 <-> VOIP-SIP outbound 401 Unauthorized message (voip.rules)
12009 <-> SQL Firebird SQL Fbserver buffer overflow attempt (sql.rules)
12061 <-> SIP request line equal To zero (voip.rules)
12072 <-> VOIP-SIP response code not three digits (voip.rules)
12073 <-> VOIP-SIP inbound 100 Trying message (voip.rules)
12074 <-> VOIP-SIP outbound 100 Trying message (voip.rules)
12112 <-> VOIP-SIP Sivus scanner detected (voip.rules)
12113 <-> VOIP-SIP SIP URI overflow attempt (voip.rules)
12167 <-> VOIP-SIP multiple at signs in SIP URI (voip.rules)
12170 <-> VOIP-SIP inbound 408 Request Timeout message (voip.rules)
12171 <-> VOIP-SIP outbound 408 Request Timeout message (voip.rules)
12172 <-> VOIP-SIP inbound 501 Not Implemented message (voip.rules)
12173 <-> VOIP-SIP outbound 501 Not Implemented message (voip.rules)
12174 <-> VOIP-SIP inbound 604 Does Not Exist Anywhere message (voip.rules)
12175 <-> VOIP-SIP outbound 604 Does Not Exist Anywhere message (voip.rules)
12176 <-> VOIP-SIP inbound 415 Unsupported Media Type message (voip.rules)
12177 <-> VOIP-SIP outbound 415 Unsupported Media Type message (voip.rules)
12178 <-> VOIP-SIP inbound 481 Call/Leg Transaction Does Not Exist (voip.rules)
12179 <-> VOIP-SIP outbound 481 Call/Leg Transaction Does Not Exist (voip.rules)
12180 <-> VOIP-SIP inbound 404 Not Found (voip.rules)
12181 <-> VOIP-SIP outbound 404 Not Found (voip.rules)
12631 <-> EXPLOIT Microsoft Kodak Imaging small offset malformed jpeg tables (exploit.rules)
12632 <-> EXPLOIT Microsoft Kodak Imaging large offset malformed jpeg tables (exploit.rules)
12633 <-> EXPLOIT Microsoft Kodak Imaging small offset malformed tiff (exploit.rules)
12634 <-> EXPLOIT Microsoft Kodak Imaging large offset malformed tiff 2 (exploit.rules)
12680 <-> VOIP-SIP Via header hostname buffer overflow attempt - TCP (voip.rules)
12681 <-> VOIP-SIP SIP URI possible overflow (voip.rules)
12983 <-> EXPLOIT DirectX SAMI file CRawParser attempted buffer overflow attempt (exploit.rules)
